From b972488ad2630790a956d132546afc7102c71524 Mon Sep 17 00:00:00 2001
From: tpsilva
Date: Sat, 2 Nov 2019 06:44:52 -0300
Subject: [PATCH] Disable Apache port 80

Currently, Apache ports.conf file is not being configured by this charm. This patch changes the ports.conf default file with another one that does not open port 80 on SSL environments.

Change-Id: I0d935de2eada861b986e2f17ead6a5674afd2969
Closes-bug: #1845665
---
 hooks/neutron_api_utils.py | 5 +++++
 templates/ports.conf | 4 ++++
 unit_tests/test_neutron_api_utils.py | 3 +++
 3 files changed, 12 insertions(+)
 create mode 100644 templates/ports.conf

diff --git a/hooks/neutron_api_utils.py b/hooks/neutron_api_utils.py
index d87b16ea..67ed57ff 100755
--- a/hooks/neutron_api_utils.py
+++ b/hooks/neutron_api_utils.py
@@ -139,6 +139,7 @@ NEUTRON_CONF = '%s/neutron.conf' % NEUTRON_CONF_DIR
 NEUTRON_LBAAS_CONF = '%s/neutron_lbaas.conf' % NEUTRON_CONF_DIR
 NEUTRON_VPNAAS_CONF = '%s/neutron_vpnaas.conf' % NEUTRON_CONF_DIR
 HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
+APACHE_PORTS_CONF = '/etc/apache2/ports.conf'
 APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
 APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
 APACHE_SSL_DIR = '/etc/apache2/ssl/neutron'
@@ -198,6 +199,10 @@ BASE_RESOURCE_MAP = OrderedDict([
 neutron_api_context.HAProxyContext()],
 'services': ['haproxy'],
 }),
+ (APACHE_PORTS_CONF, {
+ 'contexts': [],
+ 'services': ['apache2'],
+ }),
 ])
 
 # The interface is said to be satisfied if anyone of the interfaces in the
diff --git a/templates/ports.conf b/templates/ports.conf
new file mode 100644
index 00000000..103f3e05
--- /dev/null
+++ b/templates/ports.conf
@@ -0,0 +1,4 @@
+# File written by Juju: don't open default ports on SSL environments (see LP 1845665).
+
+ Listen 80
+
diff --git a/unit_tests/test_neutron_api_utils.py b/unit_tests/test_neutron_api_utils.py
index 319245ae..ac58fd71 100644
--- a/unit_tests/test_neutron_api_utils.py
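Review bot: The new `(APACHE_PORTS_CONF, {...})` entry in `BASE_RESOURCE_MAP` (hooks/neutron_api_utils.py) registers `/etc/apache2/ports.conf` with `'contexts': []`, so the template is rendered without any charm data. Whether port 80 stays open therefore cannot follow the charm's own TLS configuration; it depends only on what the static template tests inside Apache. Because the charm now owns the whole file, any `Listen` lines the stock ports.conf supplied are gone as well, so it is worth confirming that the HTTPS frontend vhost declares its own listeners. I would add a comment above the entry, for example `# Static template: replaces the distro ports.conf so Apache does not listen on 80 when TLS is in use (LP #1845665).` The `BASE_RESOURCE_MAP` definition starts and ends outside this hunk.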
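Review bot: As shown here, the only directive in templates/ports.conf is an unconditional `Listen 80`, which contradicts both the header comment and the commit message saying port 80 is not opened on SSL environments. The two added lines around it are empty in this rendering, so a guard (presumably a conditional block keyed on the SSL module) may simply be missing from the page. If it is there, confirm the condition is the intended one, since a module-loaded test follows Apache's module state rather than whether this unit actually has certificates configured. The header comment would be clearer if it named the condition, e.g. `# Written by Juju. Listen on 80 only when <condition>; see LP #1845665.`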
+++ b/unit_tests/test_neutron_api_utils.py
@@ -254,6 +254,7 @@ class TestNeutronAPIUtils(CharmTestCase):
 (nutils.API_PASTE_INI, ['neutron-server']),
 (nutils.APACHE_CONF, ['apache2']),
 (nutils.HAPROXY_CONF, ['haproxy']),
+ (nutils.APACHE_PORTS_CONF, ['apache2']),
 (ML2CONF, ['neutron-server']),
 ])
 self.assertEqual(_restart_map, expect)
@@ -272,6 +273,7 @@ class TestNeutronAPIUtils(CharmTestCase):
 (nutils.API_PASTE_INI, ['neutron-server']),
 (nutils.APACHE_CONF, ['apache2']),
 (nutils.HAPROXY_CONF, ['haproxy']),
+ (nutils.APACHE_PORTS_CONF, ['apache2']),
 (ML2CONF, ['neutron-server']),
 ('{}/*'.format(nutils.APACHE_SSL_DIR),
 ['apache2', 'neutron-server']),
@@ -298,6 +300,7 @@ class TestNeutronAPIUtils(CharmTestCase):
 '/etc/neutron/api-paste.ini',
 '/etc/default/neutron-server',
 '/etc/neutron/plugins/ml2/ml2_conf.ini',
+ '/etc/apache2/ports.conf',
 '/etc/apache2/sites-available/openstack_https_frontend',
 '/etc/haproxy/haproxy.cfg']
 self.assertEqual(sorted(_regconfs.configs), sorted(confs))
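Review bot: The three added expectations (`(nutils.APACHE_PORTS_CONF, ['apache2'])` in the two restart-map tests and `'/etc/apache2/ports.conf'` in the registered-configs list) only show that the file is registered and mapped to an apache2 restart; nothing asserts what the rendered file contains. Since the purpose of the change is that port 80 is not served on TLS deployments, a regression in the template itself would still pass these tests. Consider a small test that reads `templates/ports.conf` and asserts that `Listen 80` appears only inside its conditional block. All three test methods start and end outside their hunks.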