Make sure we only proceed with ldap-ca.crt is a valid secret

Marcelo Moreira de Mello
2021-03-31 11:25:25 -04:00
parent 8974e3446a
commit 658cf92a3b
3 changed files with 4 additions and 3 deletions


@@ -1,5 +1,5 @@
AUTH_LDAP_GLOBAL_OPTIONS = {
{% if ldap_cacert_secret %}
{% if ldap_cacert_ca_crt %}
ldap.OPT_X_TLS_REQUIRE_CERT: True,
ldap.OPT_X_TLS_CACERTFILE: "/etc/openldap/certs/ldap-ca.crt"
{% endif %}
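Review bot: With the guard on `ldap_cacert_ca_crt`, a deployment that names `ldap_cacert_secret` but whose secret yields no usable `ldap-ca.crt` renders this dict without `OPT_X_TLS_REQUIRE_CERT` or `OPT_X_TLS_CACERTFILE`, so LDAP certificate checking silently falls back to library and system defaults. Where the variable is populated is not visible in this diff, but that step should stop with an explicit error (or at least log a warning) when a secret is configured and the key is missing or empty, so an operator who supplied a CA is not left believing it is enforced. Separately, `True` on the unchanged `OPT_X_TLS_REQUIRE_CERT` line only works because it coincides with an integer option value; `ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,` states the intent. The closing of the dict lies outside the hunk.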


@@ -58,7 +58,7 @@ spec:
mountPath: "/etc/nginx/pki"
readOnly: true
{% endif %}
{% if ldap_cacert_secret %}
{% if ldap_cacert_ca_crt %}
- name: "{{ meta.name }}-ldap-cacert"
mountPath: /etc/openldap/certs/ldap-ca.crt
subPath: ldap-ca.crt
@@ -204,7 +204,7 @@ spec:
- key: tls.crt
path: 'web.crt'
{% endif %}
{% if ldap_cacert_secret %}
{% if ldap_cacert_ca_crt %}
- name: "{{ meta.name }}-ldap-cacert"
secret:
secretName: "{{ ldap_cacert_secret }}"
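Review bot: Both guards in this file test `ldap_cacert_ca_crt`, yet the volume in the second hunk still takes its `secretName` from `ldap_cacert_secret`, so the condition and the value it protects can disagree. If `ldap_cacert_ca_crt` is ever non-empty while `ldap_cacert_secret` is unset, the volume would render with an empty secret name and the pod spec would likely be rejected; `{% if ldap_cacert_secret and ldap_cacert_ca_crt %}` on both the volumeMount and the volume keeps the two tied together. A truthiness test also only shows that the value is non-empty, not that it holds a parseable PEM certificate, which is less than the "valid secret" in the commit title suggests.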


@@ -1,3 +1,4 @@
---
postgres_initdb_args: '--auth-host=scram-sha-256'
postgres_host_auth_method: 'scram-sha-256'
ldap_cacert_ca_crt: ''
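Review bot: The `ldap_cacert_ca_crt: ''` entry has no comment, and placed next to the user-facing postgres settings it reads like something an operator may set directly. It appears to hold the content of the `ldap-ca.crt` key read from `ldap_cacert_secret`, though the task that fills it is not in this diff. If that is right, a line such as `# Internal: filled from the ldap-ca.crt key of ldap_cacert_secret; do not set directly` above it would make clear that the empty default means "no CA found".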