From 3f4b2b97b68cecdfc3b14f4a1e6156fcbf4c5696 Mon Sep 17 00:00:00 2001
From: "Ritchie, Frank (fr801x)" <fr801x@att.com>
Date: Mon, 24 Jan 2022 12:20:52 -0600
Subject: [PATCH] Add ssl_minimum_version tls1.2 to tls overrides

This change adds the minimum version of tls1.2 to not allow insecure
older tls versions to be allowed.

Change-Id: I880ac1caf31d2a26ca78389d5f96b07cf42b61ac
---
 nova/Chart.yaml                | 2 +-
 nova/values_overrides/tls.yaml | 2 ++
 releasenotes/notes/nova.yaml   | 1 +
 zuul.d/project.yaml            | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/nova/Chart.yaml b/nova/Chart.yaml
index 75b90a8a83..a253a0cec2 100644
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.2.26
+version: 0.2.27
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
diff --git a/nova/values_overrides/tls.yaml b/nova/values_overrides/tls.yaml
index cf020ada24..252fe78b4d 100644
--- a/nova/values_overrides/tls.yaml
+++ b/nova/values_overrides/tls.yaml
@@ -126,6 +126,8 @@ conf:
         WSGIPassAuthorization On
     </Location>
   nova:
+    DEFAULT:
+      ssl_minimum_version: tlsv1_2
     glance:
       cafile: /etc/nova/certs/ca.crt
     ironic:
diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml
index a3d757f841..5d6f561668 100644
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@@ -47,4 +47,5 @@ nova:
   - 0.2.24 Fix nova-bootstrap job labels
   - 0.2.25 Add check for compute nodes
   - 0.2.26 Fix _ssh-init.sh.tpl to copy the ssh keys to the user on the security context
+  - 0.2.27 Add tls1.2 minimum version to tls overrides
 ...
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index dbd69dfffa..cb736cdfae 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -33,6 +33,7 @@
         - openstack-helm-compute-kit-wallaby-ubuntu_focal
         - openstack-helm-horizon-train-ubuntu_bionic
         - openstack-helm-keystone-ldap
+        - openstack-helm-tls
     gate:
       jobs:
         - openstack-helm-lint