Only add OIDCXForwardedHeaders when variable is set

Currently the option OIDCXForwardedHeaders is added to wsgi-keystone.conf even when ``keystone_federation_oidc_forwarded_headers`` is empty. However, OIDCXForwardedHeaders cannot be used with empty value. This change fixes it by adding length check to the value of the variable ``keystone_federation_oidc_forwarded_headers``. Closes-Bug: #2119344 Change-Id: I516eb2cd967b4d5112fabe77f79cbf3421ec3318 Signed-off-by: Seunghun Lee <seunghun@stackhpc.com>
2025-08-01 21:53:10 +01:00
parent 338640ad24
commit d97357308a
2 changed files with 9 additions and 0 deletions
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -58,7 +58,9 @@ LogLevel info
 {% endif -%}

 {% if keystone_enable_federation_openid | bool %}
+{% if keystone_federation_oidc_forwarded_headers | length > 0 %}
    OIDCXForwardedHeaders "{{ keystone_federation_oidc_forwarded_headers }}"
+{% endif %}
    OIDCClaimPrefix "OIDC-"
    OIDCClaimDelimiter "{{ keystone_federation_oidc_claim_delimiter }}"
    OIDCResponseType "{{ keystone_federation_oidc_response_type }}"
--- a/releasenotes/notes/fix-oidc-x-forwarded-headers-option-edb945bfcb98c691.yaml
+++ b/releasenotes/notes/fix-oidc-x-forwarded-headers-option-edb945bfcb98c691.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes the bug where Keystone become unable to start when the option
+    ``OIDCXForwardedHeaders`` is set with empty string in
+    ``wsgi-keystone.conf``.
+    `LP#2119344 <https://bugs.launchpad.net/kolla-ansible/+bug/2119344>`__