openstack/puppet-heat
Code Issues Proposed changes

apache+mod_wsgi: Disable SSL by default

Browse Source 
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I6bd11a340b8623b45da7284e52ee505ea6870562
This commit is contained in:
Takashi Kajinami 2022-05-06 20:46:39 +09:00
parent ec9c6317ff
commit 0585656937
7 changed files with 21 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
manifests/wsgi/apache.pp
View File

@ -42,7 +42,7 @@
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# Optional. Defaults to false
#
# [*workers*]
# Number of WSGI workers to spawn.
@ -112,7 +112,7 @@ define heat::wsgi::apache (
$servername = $::fqdn,
$bind_host = undef,
$path = '/',
$ssl = undef,
$ssl = false,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
@ -135,11 +135,6 @@ define heat::wsgi::apache (
fail('The valid options are api, api_cfn')
}
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
include heat::deps
include heat::params
@ -152,7 +147,7 @@ define heat::wsgi::apache (
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl_real,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,

11
manifests/wsgi/apache_api.pp
View File

@ -37,7 +37,7 @@
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# Optional. Defaults to false
#
# [*workers*]
# Number of WSGI workers to spawn.
@ -108,7 +108,7 @@ class heat::wsgi::apache_api (
$servername = $::fqdn,
$bind_host = undef,
$path = '/',
$ssl = undef,
$ssl = false,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
@ -128,17 +128,12 @@ class heat::wsgi::apache_api (
$request_headers = undef,
) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
heat::wsgi::apache { 'api':
port => $port,
servername => $servername,
bind_host => $bind_host,
path => $path,
ssl => $ssl_real,
ssl => $ssl,
workers => $workers,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,

11
manifests/wsgi/apache_api_cfn.pp
View File

@ -37,7 +37,7 @@
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# Optional. Defaults to false
#
# [*workers*]
# Number of WSGI workers to spawn.
@ -109,7 +109,7 @@ class heat::wsgi::apache_api_cfn (
$servername = $::fqdn,
$bind_host = undef,
$path = '/',
$ssl = undef,
$ssl = false,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
@ -130,11 +130,6 @@ class heat::wsgi::apache_api_cfn (
$request_headers = ['set Content-Type "application/json"'],
) {
if $ssl == undef {
warning('Default of the ssl parameter will be changed in a future release')
}
$ssl_real = pick($ssl, true)
validate_legacy(Integer, 'validate_integer', $port)
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1396553
@ -151,7 +146,7 @@ class heat::wsgi::apache_api_cfn (
servername => $servername,
bind_host => $bind_host,
path => $path,
ssl => $ssl_real,
ssl => $ssl,
workers => $workers,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,

9
releasenotes/notes/disable-apache-ssl-6227808a193f3110.yaml Normal file
View File

@ -0,0 +1,9 @@
---
upgrade:
- |
Default value of the following parameters has been changed from ``true`` to
``false`` and now ssl is disabled by default.
- ``heat::wsgi::apache::ssl``
- ``heat::wsgi::apache_api::ssl``
- ``heat::wsgi::apache_api_cfn::ssl``

2
spec/classes/heat_wsgi_apache_api_cfn_spec.rb
View File

@ -10,7 +10,7 @@ describe 'heat::wsgi::apache_api_cfn' do
:servername => facts[:fqdn],
:bind_host => nil,
:path => '/',
:ssl => true,
:ssl => false,
:workers => facts[:os_workers],
:ssl_cert => nil,
:ssl_key => nil,

2
spec/classes/heat_wsgi_apache_api_spec.rb
View File

@ -10,7 +10,7 @@ describe 'heat::wsgi::apache_api' do
:servername => facts[:fqdn],
:bind_host => nil,
:path => '/',
:ssl => true,
:ssl => false,
:workers => facts[:os_workers],
:ssl_cert => nil,
:ssl_key => nil,

2
spec/defines/heat_wsgi_apache_spec.rb
View File

@ -21,7 +21,7 @@ describe 'heat::wsgi::apache' do
'bind_port' => '8000',
'group' => 'heat',
'user' => 'heat',
'ssl' => 'true',
'ssl' => false,
'wsgi_daemon_process' => "heat_#{title}",
'wsgi_process_group' => "heat_#{title}",
'wsgi_script_dir' => platform_params[:wsgi_script_dir],