Only add OIDCXForwardedHeaders when variable is set

seunghun1ee · Alex-Welsh · commit e403c935e6fe · 2025-08-11T09:38:36.000+01:00
Currently the option OIDCXForwardedHeaders is added to wsgi-keystone.conf even when ``keystone_federation_oidc_forwarded_headers`` is empty. However, OIDCXForwardedHeaders cannot be used with empty value. This change fixes it by adding length check to the value of the variable ``keystone_federation_oidc_forwarded_headers``. Closes-Bug: #2119344 Change-Id: I516eb2cd967b4d5112fabe77f79cbf3421ec3318 Signed-off-by: Seunghun Lee <seunghun@stackhpc.com> (cherry picked from commit d973573)
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -58,7 +58,9 @@ LogLevel info
 {% endif -%}
 
 {% if keystone_enable_federation_openid | bool %}
+{% if keystone_federation_oidc_forwarded_headers | length > 0 %}
     OIDCXForwardedHeaders "{{ keystone_federation_oidc_forwarded_headers }}"
+{% endif %}
     OIDCClaimPrefix "OIDC-"
     OIDCClaimDelimiter "{{ keystone_federation_oidc_claim_delimiter }}"
     OIDCResponseType "{{ keystone_federation_oidc_response_type }}"
diff --git a/releasenotes/notes/fix-oidc-x-forwarded-headers-option-edb945bfcb98c691.yaml b/releasenotes/notes/fix-oidc-x-forwarded-headers-option-edb945bfcb98c691.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes the bug where Keystone become unable to start when the option
+    ``OIDCXForwardedHeaders`` is set with empty string in
+    ``wsgi-keystone.conf``.
+    `LP#2119344 <https://bugs.launchpad.net/kolla-ansible/+bug/2119344>`__
