Use ServiceNetMap to filter PublicNetwork in haproxy-tls
Replace the filtering using the hard-coded "external" network name with a yaql filter using the PublicNetwork in ServiceNetMap instead. This should allow fully custom network name/name_lower to be used as long as service_net_map_replace is also used or the ServiceNetMap is provided with appropriate overrides. Also removes jinj2 filtering on 'tenant' network, this network does not have a VIP by default so it is alreayd filtered by the 'and network.vip' in the jinj2 for loop. In the case 'tenant' network does have VIP it would make sense to create a certificate for it as well. Related-Bug: #1946239 Change-Id: I7fa8e9931f27dbe3352b06c830441eac5bc3733e
This commit is contained in:
parent
f6eddad78c
commit
273b41a5da
@ -53,15 +53,23 @@ resources:
|
|||||||
type: OS::Heat::Value
|
type: OS::Heat::Value
|
||||||
properties:
|
properties:
|
||||||
value:
|
value:
|
||||||
# NOTE(jaosorior) Get unique network names to create
|
# NOTE(jaosorior|hjensas) Get unique network names to create
|
||||||
# certificates for those. We skip the tenant network since
|
# certificates for those.
|
||||||
# we don't need a certificate for that, and the external
|
# * The 'ctlplane' network is always included.
|
||||||
# network will be handled in another template.
|
# * The tenant network is skipped in jinja2 filter since it
|
||||||
- ctlplane
|
# does not have a VIP. We don't need a certificate for the
|
||||||
|
# tenant nework.
|
||||||
|
# * The "external" (PublicNetwork) network will be handled in
|
||||||
|
# another template, it is skipped by a yaql filter on the
|
||||||
|
# PublicNetwork defined in ServiceNetMap.
|
||||||
|
yaql:
|
||||||
|
expression: let(public_network => $.data.public_network) -> $.data.networks.where($ != $public_network or $ = 'ctlplane')
|
||||||
|
data:
|
||||||
|
public_network: {get_param: [ServiceNetMap, PublicNetwork]}
|
||||||
|
networks:
|
||||||
|
- ctlplane
|
||||||
{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %}
|
{%- for network in networks if network.enabled|default(true) and network.vip|default(false) %}
|
||||||
{%- if network.name_lower != 'external' and network.name_lower != 'tenant' %}
|
- {{network.name_lower}}
|
||||||
- {{network.name_lower}}
|
|
||||||
{%- endif %}
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{% raw -%}
|
{% raw -%}
|
||||||
outputs:
|
outputs:
|
||||||
|
Loading…
Reference in New Issue
Block a user