From 342f4f0b04e81092e03beacd82248c3da390b8eb Mon Sep 17 00:00:00 2001
From: Tobias Urdin
Date: Wed, 14 Oct 2020 11:20:21 +0200
Subject: [PATCH] Add ssl_verify_client to wsgi::apache

Change-Id: Iee9f8e0d87310e099185044f1cc1939a03aa9977
---
 manifests/wsgi/apache.pp | 7 +++++++
 .../notes/add-ssl_verify_client-87e52209cc80861d.yaml | 4 ++++
 spec/defines/openstacklib_wsgi_apache_spec.rb | 2 ++
 3 files changed, 13 insertions(+)
 create mode 100644 releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml

diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 8477c446..e047f668 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -67,6 +67,11 @@
 # (Optional) Path to SSL key.
 # Default to apache::vhost 'ssl_*' defaults
 #
+# [*ssl_verify_client*]
+# (Optional) Sets the SSLVerifyClient directive which sets the
+# certificate verification level for client authentication.
+# Default to apache::vhost 'ssl_*' defaults
+#
 # [*ssl_chain*]
 # (Optional) SSL chain.
 # Default to apache::vhost 'ssl_*' defaults
@@ -240,6 +245,7 @@ define openstacklib::wsgi::apache (
 $ssl_crl = undef,
 $ssl_crl_path = undef,
 $ssl_key = undef,
+ $ssl_verify_client = undef,
 $threads = 1,
 $user = undef,
 $workers = $::os_workers,
@@ -352,6 +358,7 @@ define openstacklib::wsgi::apache (
 ssl => $ssl,
 ssl_cert => $ssl_cert,
 ssl_key => $ssl_key,
+ ssl_verify_client => $ssl_verify_client,
 ssl_chain => $ssl_chain,
 ssl_ca => $ssl_ca,
 ssl_crl_path => $ssl_crl_path,
diff --git a/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml b/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml
new file mode 100644
index 00000000..46bda7f6
--- /dev/null
+++ b/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Added ssl_verify_client parameter to openstacklib::wsgi::apache.
diff --git a/spec/defines/openstacklib_wsgi_apache_spec.rb b/spec/defines/openstacklib_wsgi_apache_spec.rb
index 05e903f5..504cbf59 100644
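Review bot: The new `ssl_verify_client` doc block in the first hunk does not say which values are accepted or what each one means for access control. mod_ssl's SSLVerifyClient takes `none`, `optional`, `require` and `optional_no_ca`, and only `require` fails the handshake when no valid client certificate is presented; with `optional` the WSGI application has to check the verification result itself, and `optional_no_ca` lets through certificates that do not verify against a trusted CA. I would extend the comment with `#   Accepted values: 'none', 'optional', 'require', 'optional_no_ca'.` and `#   Only 'require' rejects clients without a valid certificate; verification needs a CA source such as ssl_ca.`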
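Review bot: `$ssl_verify_client` is declared untyped in the second hunk, so a typo such as `'required'` is caught, if at all, only further down in apache::vhost or when Apache loads the generated config. For a setting that decides whether client certificates are enforced, I would reject bad values at catalog compile time: `Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_verify_client = undef,`. The neighbouring parameters visible here are untyped as well, so this is only appropriate if the module's supported Puppet versions allow data types; the parameter list starts and ends outside the hunk.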
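Review bot: In the third hunk the value is forwarded to apache::vhost unconditionally, so a caller can set `ssl_verify_client => 'require'` while `$ssl` is false or while no CA is supplied through `ssl_ca` (forwarded two lines below). Whether apache::vhost rejects, ignores or renders that combination is not visible from this hunk; if it is ignored, the operator believes client certificates are enforced when they are not. A guard before the resource, something like `if $ssl_verify_client and !$ssl { fail('ssl_verify_client requires ssl => true') }`, would make the misconfiguration visible. The resource body starts and ends outside the hunk.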
--- a/spec/defines/openstacklib_wsgi_apache_spec.rb
+++ b/spec/defines/openstacklib_wsgi_apache_spec.rb
@@ -33,6 +33,7 @@ describe 'openstacklib::wsgi::apache' do
 :bind_port => 5000,
 :group => 'keystone',
 :ssl => true,
+ :ssl_verify_client => 'optional',
 :user => 'keystone',
 :wsgi_script_dir => '/var/www/cgi-bin/keystone',
 :wsgi_script_file => 'main',
@@ -76,6 +77,7 @@ describe 'openstacklib::wsgi::apache' do
 :docroot_group => 'keystone',
 :setenv => [],
 :ssl => 'true',
+ :ssl_verify_client => 'optional',
 :wsgi_daemon_process => {
 'keystone_wsgi' => {
 'user' => 'keystone',
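Review bot: Both hunks pin only `'optional'`, the level at which a client without a certificate is still served, so the spec never shows the enforcing value reaching the vhost. A second context passing `:ssl_verify_client => 'require'` and expecting the same on `apache::vhost` would cover the setting operators are most likely to depend on, and an invalid value would be worth a negative case if the manifest ever validates the parameter. The `let` and `it` blocks around these lines start and end outside the hunks, so the default (unset) path may already be covered by a context not shown here.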