From 6fa17311d9383cf87737b296688a261360290c2c Mon Sep 17 00:00:00 2001
From: Mauricio Faria de Oliveira <mfo@canonical.com>
Date: Wed, 27 Sep 2023 18:53:07 -0300
Subject: [PATCH] openstack/novarc: export HTTPS after vault init

The `export OS_AUTH_PROTOCOL=https` in the Vault-based SSL case
only happens in the check for 'Vault needs to be initialized',
which suggests to run the script to unseal/authorize.

However, if you type 'n' (not proceed), run that script, and
rerun ./configure, then it is not exported, which broke this
neutron command, as the server refuses HTTP on a HTTPS port.

With this patch, the neutron command succeeded, ./configure
finished, and juju status is all green/active/idle.
(openstack deployment of jammy yoga).

Steps:

```
$ ./configure
...
This deployment is using vault-based ssl certificates
but the vault seems to be not initialized yet.
It is recommended to initialize it via running
./tools/vault-unseal-and-authorise.sh before doing anything else.
Do you want to proceed anyway? (y/n): n
...

$ ./tools/vault-unseal-and-authorise.sh
...

$ ./configure
...
```

Before:

```
$ ./configure
...
+ ./bin/neutron-ext-net-ksv3 --project admin --network-type flat
  -g 10.5.0.1 -c 10.5.0.0/16 -f 10.5.150.0:10.5.200.254 ext_net
/usr/lib/python3/dist-packages/keystoneauth1/adapter.py:235:
   UserWarning: Using keystoneclient sessions has been deprecated.
   Please update your software to use keystoneauth1.
  warnings.warn('Using keystoneclient sessions has been deprecated. '
Traceback (most recent call last):
<...>
neutronclient.common.exceptions.BadRequest: <!DOCTYPE HTML PUBLIC ...
<...>
<p>Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
 Instead use the HTTPS scheme to access this URL, please.<br />
<...>
```

After:

```
$ ./configure
...
+ ./bin/neutron-ext-net-ksv3 --project admin --network-type flat
   -g 10.5.0.1 -c 10.5.0.0/16 -f 10.5.150.0:10.5.200.254 ext_net
/usr/lib/python3/dist-packages/keystoneauth1/adapter.py:235:
   UserWarning: Using keystoneclient sessions has been deprecated.
   Please update your software to use keystoneauth1.
  warnings.warn('Using keystoneclient sessions has been deprecated. '
INFO:root:Configuring external network 'ext_net'
INFO:root:Creating new external network definition: ext_net
INFO:root:New external network created: e8981a8a-6bad-469b-aef6-...
...
```

Fixes: 45aac547f12d ("novarc: uninitialized vault prompt")
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 openstack/novarc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openstack/novarc b/openstack/novarc
index 2dfd7f04..70e9d457 100644
--- a/openstack/novarc
+++ b/openstack/novarc
@@ -40,8 +40,8 @@ END
                     return;;
             esac
         fi
-        export OS_AUTH_PROTOCOL=https
     fi
+    export OS_AUTH_PROTOCOL=https
 else
     unset OS_AUTH_PROTOCOL
 fi