From 8eb305f3f1da565d909cd4beb8992322a1a36892 Mon Sep 17 00:00:00 2001
From: tpsilva <tiago.pasqualini@canonical.com>
Date: Sat, 2 Nov 2019 06:22:47 -0300
Subject: [PATCH] Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: I3f8eb69813058a9291540634ad262bfdaa7b8731
Closes-bug: #1845665
---
 hooks/glance_utils.py           | 7 ++++++-
 templates/ports.conf            | 4 ++++
 unit_tests/test_glance_utils.py | 3 +++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 templates/ports.conf

diff --git a/hooks/glance_utils.py b/hooks/glance_utils.py
index 364bc4df..85203cff 100644
--- a/hooks/glance_utils.py
+++ b/hooks/glance_utils.py
@@ -122,6 +122,7 @@ CEPH_CONF = "/etc/ceph/ceph.conf"
 CHARM_CEPH_CONF = '/var/lib/charm/{}/ceph.conf'
 
 HAPROXY_CONF = "/etc/haproxy/haproxy.cfg"
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
 HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
     "openstack_https_frontend.conf"
@@ -209,7 +210,11 @@ CONFIG_FILES = OrderedDict([
     (HTTPS_APACHE_24_CONF, {
         'hook_contexts': [glance_contexts.ApacheSSLContext()],
         'services': ['apache2'],
-    })
+    }),
+    (APACHE_PORTS_CONF, {
+        'contexts': [],
+        'services': ['apache2'],
+    }),
 ])
 
 
diff --git a/templates/ports.conf b/templates/ports.conf
new file mode 100644
index 00000000..103f3e05
--- /dev/null
+++ b/templates/ports.conf
@@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+<IfModule !ssl_module>
+    Listen 80
+</IfModule>
diff --git a/unit_tests/test_glance_utils.py b/unit_tests/test_glance_utils.py
index 9c5fdba5..672a065c 100644
--- a/unit_tests/test_glance_utils.py
+++ b/unit_tests/test_glance_utils.py
@@ -156,6 +156,7 @@ class TestGlanceUtils(CharmTestCase):
             (utils.HAPROXY_CONF, ['haproxy']),
             (utils.HTTPS_APACHE_CONF, ['apache2']),
             (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
             (utils.MEMCACHED_CONF, ['memcached']),
             (utils.GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']),
         ])
@@ -177,6 +178,7 @@ class TestGlanceUtils(CharmTestCase):
             (utils.HAPROXY_CONF, ['haproxy']),
             (utils.HTTPS_APACHE_CONF, ['apache2']),
             (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
             (utils.MEMCACHED_CONF, ['memcached']),
             (utils.GLANCE_POLICY_FILE, ['glance-api']),
         ])
@@ -200,6 +202,7 @@ class TestGlanceUtils(CharmTestCase):
             (utils.HAPROXY_CONF, ['haproxy']),
             (utils.HTTPS_APACHE_CONF, ['apache2']),
             (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.APACHE_PORTS_CONF, ['apache2']),
             (utils.MEMCACHED_CONF, ['memcached']),
             (utils.GLANCE_POLICY_FILE, ['glance-api']),
             ('{}/*'.format(utils.APACHE_SSL_DIR),