Add ssl_verify_client parameter for horizon
The recent change in puppet-horizon[1] made the ssl_verify_client parameter mandatory when ssl_ca is set. This patch makes sure that the ssl_verify_client parameter is set properly. In addition, internal tls cert is not valid when internal tls is not enabled. This patch also addresses that point, and make ssl_ca is set only when needed. [1] https://review.opendev.org/#/c/758041/6 Closes-Bug: #1900947 Change-Id: I286f69b8d3775d7538685e799f092ce47b5d75a7
This commit is contained in:
parent
d3b099fac9
commit
132c0b1e79
|
@ -223,11 +223,16 @@ outputs:
|
|||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
|
||||
horizon::listen_ssl: {get_param: EnableInternalTLS}
|
||||
horizon::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
horizon::customization_module: {get_param: HorizonCustomizationModule}
|
||||
horizon::timezone: {get_param: TimeZone}
|
||||
horizon::file_upload_temp_dir: '/var/tmp'
|
||||
horizon::help_url: {get_param: HorizonHelpURL}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- horizon::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
horizon::ssl_verify_client: true
|
||||
- {}
|
||||
-
|
||||
if:
|
||||
- websso_enabled
|
||||
|
|
Loading…
Reference in New Issue