[Wordpress-charmers] [Merge] ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master

Tue, 12 Jan 2021 07:48:28 -0800 

Tom Haddon has proposed merging 
~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into 
charm-k8s-wordpress:master.

Commit message:
Don't force TLS on the admin site if don't have a tls_secret_name configured, 
to avoid one step in local set up

Requested reviews:
  Canonical IS Reviewers (canonical-is-reviewers)
  Wordpress Charmers (wordpress-charmers)

For more details, see:
https://code.launchpad.net/~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress/+merge/396185

Don't force TLS on the admin site if don't have a tls_secret_name configured, 
to avoid one step in local set up
-- 
Your team Wordpress Charmers is requested to review the proposed merge of 
~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into 
charm-k8s-wordpress:master.

diff --git a/image-builder/files/wp-config.php b/image-builder/files/wp-config.php
index b47b161..696b14d 100644
--- a/image-builder/files/wp-config.php
+++ b/image-builder/files/wp-config.php
@@ -21,8 +21,15 @@ if ( getenv("WORDPRESS_DEBUG") ) {
 
 /** Fixes for mixed content when WordPress is behind nginx TLS reverse proxy.
  * https://ahenriksson.com/2020/01/27/how-to-set-up-wordpress-behind-a-reverse-proxy-when-using-nginx/
+ * Check if we have a WORDPRESS_TLS_DISABLED environment variable, and if so
+ * don't force logins to the admin site to be via TLS (this can be done to
+ * make local testing one step easier).
  * */
-define('FORCE_SSL_ADMIN', true);
+if ( getenv("WORDPRESS_TLS_DISABLED") ){
+    define('FORCE_SSL_ADMIN', false);
+} else {
+    define('FORCE_SSL_ADMIN', true);
+}
 if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
  $_SERVER['HTTPS']='on';
 
diff --git a/src/charm.py b/src/charm.py
index f1a2252..919a85e 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -33,6 +33,8 @@ def generate_pod_config(config, secured=True):
     pod_config["WORDPRESS_DB_HOST"] = config["db_host"]
     pod_config["WORDPRESS_DB_NAME"] = config["db_name"]
     pod_config["WORDPRESS_DB_USER"] = config["db_user"]
+    if not config["tls_secret_name"]:
+        pod_config["WORDPRESS_TLS_DISABLED"] = "true"
     if config.get("wp_plugin_openid_team_map"):
         pod_config["WP_PLUGIN_OPENID_TEAM_MAP"] = config["wp_plugin_openid_team_map"]
 
diff --git a/tests/unit/test_wordpress.py b/tests/unit/test_wordpress.py
index 92712e7..47cf8be 100644
--- a/tests/unit/test_wordpress.py
+++ b/tests/unit/test_wordpress.py
@@ -82,6 +82,15 @@ class HelperTest(unittest.TestCase):
         test_container_config = yaml.safe_load(self.test_model_config["container_config"])
         self.assertEqual(test_container_config["test-key"], result["test-key"])
 
+        # Test we pass set WORDPRESS_TLS_ENABLED if we have `tls_secret_name`.
+        result = charm.generate_pod_config(self.test_model_config)
+        self.assertNotIn("WORDPRESS_TLS_DISABLED", result)
+        # Remove `tls_secret_name` and test again.
+        non_tls_secret_config = copy.deepcopy(self.test_model_config)
+        non_tls_secret_config["tls_secret_name"] = ""
+        result = charm.generate_pod_config(non_tls_secret_config)
+        self.assertEqual(result["WORDPRESS_TLS_DISABLED"], "true")
+
 
 class WordpressTest(unittest.TestCase):
 

-- 
Mailing list: https://launchpad.net/~wordpress-charmers
Post to     : wordpress-charmers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~wordpress-charmers
More help   : https://help.launchpad.net/ListHelp

Reply via email to