tls-enabled set to true over the keystone-fid-service-provider relation

Bug #1982948 reported by Felipe Reyes
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| OpenStack Keystone Charm | New | Medium | Unassigned | |

Bug Description

The relation keystone-fid-service-provider informs the subordinate if http or https should be used to talk to keystone (and configure the provider correctly), although when keystone is related to vault (via the certificates relation) the tls-enabled key will be set to true even if keystone hasn't been configured to serve by https. This is especially a problem when vault is sealed and the certificates may simply never be available during the deployment.

```
    if relation_ids('certificates'):
        tls_enabled = True
```
source: https://opendev.org/openstack/charm-keystone/src/branch/master/hooks/keystone_hooks.py#L835

process_certificates()[0] is capable of detecting if there are certificates available in the relation, but calling it has the side effect that it will write them on disk.

[0] https://opendev.org/openstack/charm-keystone/src/branch/master/hooks/keystone_hooks.py#L872

Felipe Reyes (freyes)
Changed in charm-keystone:
importance: Undecided → Medium
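
The gap described in the report, shown as an added example that is not the charm's code or a proposed patch: a read-only check that looks for issued certificates in the relation data instead of relying on the relation merely existing. The function names, the `<unit>.processed_requests` key layout and the sample relation data are assumptions constructed for illustration.

```python
import json


def certificates_available(cert_relation_data, local_unit):
    """Return True only if some remote unit has published a cert/key pair
    for local_unit. Reads the data only; nothing is written to disk.

    cert_relation_data: {relation_id: {remote_unit: {key: value}}}
    """
    # Assumed key layout: "<unit with '/' replaced by '_'>.processed_requests"
    requests_key = "{}.processed_requests".format(local_unit.replace("/", "_"))
    for units in cert_relation_data.values():
        for data in units.values():
            raw = data.get(requests_key)
            if not raw:
                continue  # e.g. vault is sealed and has issued nothing yet
            try:
                bundles = json.loads(raw)
            except ValueError:
                continue  # malformed payload is treated as "no certificates"
            if isinstance(bundles, dict) and any(
                isinstance(b, dict) and b.get("cert") and b.get("key")
                for b in bundles.values()
            ):
                return True
    return False


def tls_enabled_by_relation(cert_relation_data):
    """Behaviour quoted in the report: relation presence alone sets the flag."""
    return bool(cert_relation_data)


def tls_enabled_by_certs(cert_relation_data, local_unit):
    """Alternative: advertise TLS only once certificates have been issued."""
    return certificates_available(cert_relation_data, local_unit)


# Constructed sample relation data (not taken from a real deployment).
SEALED_VAULT = {"certificates:7": {"vault/0": {}}}
ISSUED = {"certificates:7": {"vault/0": {
    "ca": "PEM-PLACEHOLDER",
    "keystone_0.processed_requests": json.dumps(
        {"keystone.example": {"cert": "PEM-PLACEHOLDER", "key": "PEM-PLACEHOLDER"}}),
}}}
MALFORMED = {"certificates:7": {"vault/0": {"keystone_0.processed_requests": "{not json"}}}

if __name__ == "__main__":
    for name, data in (("sealed", SEALED_VAULT), ("issued", ISSUED), ("malformed", MALFORMED)):
        print(name, tls_enabled_by_relation(data), tls_enabled_by_certs(data, "keystone/0"))
```

Certificates being present in the relation data is still only a proxy for keystone actually serving https, so a check on the rendered endpoint configuration would be stricter.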