Fix keystone_secure_proxy_ssl_header logic

Previous commit [1] introduced logic that breaks proper service discovery. Now we're fixing logic, following next rules/assumptiuons: +----------+---------+---------------+ | HAProxy | Apache | RequestHeader | +----------+---------+-- ------------+ | non-SSL | non-SSL | http | | non-SSL | SSL | http | | SSL | SSL | https | | SSL | non-SSL | https | +----------+---------+---------------+ [1] https://opendev.org/openstack/openstack-ansible-os_keystone/commit/6fae2bdade459c85dba55aae64c9f6f4e485a782 Change-Id: Ibf7759eea63b7150aeae655c10eccc69cd3417ea (cherry picked from commit 33ee3fc)
openstack · Aug 15, 2022 · 7995449 · 7995449
1 parent b7c8ad5
commit 7995449
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
@@ -20,9 +20,9 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
     {% endif -%}
     Header set X-Frame-Options "{{ keystone_x_frame_options | default ('DENY') }}"
 
-    {% if (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
+    {% if (keystone_external_ssl | bool) %}
     RequestHeader set {{ keystone_secure_proxy_ssl_header }} "https"
-    {% elif not (keystone_ssl | bool) and (keystone_external_ssl | bool) %}
+    {% else %}
     RequestHeader set {{ keystone_secure_proxy_ssl_header }} "http"
     {% endif %}