Use correct certificate when ``os-public-hostname`` configration option is set

Note that this is a short term kludge/fix, on the long term
we should ditch the charm specific ApacheSSLContext and use
the common one from charm-helpers with an adapted Apache
config inspired from the ``openstack_https_fronted`` template

Change-Id: I74c17113f431c4c21f638be6abffaeeb693f1462
Closes-Bug: #1816621
This commit is contained in:
Frode Nordahl 2019-02-21 16:38:55 +01:00
parent 0edeceb80a
commit 256f971c78
No known key found for this signature in database
GPG Key ID: 6A5D59A3BA48373F
2 changed files with 53 additions and 2 deletions

View File

@ -376,8 +376,28 @@ def certs_joined(relation_id=None):
@hooks.hook('certificates-relation-changed')
def certs_changed(relation_id=None, unit=None):
process_certificates('horizon', relation_id, unit,
custom_hostname_link='dashboard')
if config('os-public-hostname'):
# NOTE(fnordahl): Kludge to fix LP: #1816621
# Long term fix is to use the common ApacheSSLContext from
# charm-helpers and adapt the Apache config along the lines of
# ``charmhelpers/contrib/openstack/templates/openstack_https_frontend``
process_certificates('horizon', relation_id, unit)
ssl_dir = '/etc/apache2/ssl/horizon'
cert = os.path.join(
ssl_dir,
'{}_{}'.format('cert', config('os-public-hostname')))
key = os.path.join(
ssl_dir,
'{}_{}'.format('key', config('os-public-hostname')))
cert_link = os.path.join(ssl_dir, 'cert_dashboard')
key_link = os.path.join(ssl_dir, 'key_dashboard')
for source, dest in [(cert, cert_link), (key, key_link)]:
if os.path.exists(dest):
os.remove(dest)
os.symlink(source, dest)
else:
process_certificates('horizon', relation_id, unit,
custom_hostname_link='dashboard')
CONFIGS.write_all()
service_reload('apache2')
enable_ssl()

View File

@ -330,3 +330,34 @@ class TestHorizonHooks(CharmTestCase):
"path": "/auth/websso/",
}),
])
@patch.object(hooks.os, 'symlink')
@patch.object(hooks.os, 'remove')
@patch.object(hooks.os.path, 'exists')
@patch.object(hooks, 'service_reload')
@patch.object(hooks, 'process_certificates')
def test_certs_changed(self, _process_certificates, _service_reload,
_exists, _remove, _symlink):
self._call_hook('certificates-relation-changed')
_process_certificates.assert_called_with(
'horizon', None, None, custom_hostname_link='dashboard')
self.assertFalse(_symlink.called)
self.CONFIGS.write_all.assert_called_with()
_service_reload.assert_called_with('apache2')
self.enable_ssl.assert_called_with()
_process_certificates.reset_mock()
self.config.side_effect = None
self.config.return_value = 'somehostname'
_exists.return_value = True
self._call_hook('certificates-relation-changed')
_process_certificates.assert_called_with('horizon', None, None)
_remove.assert_has_calls([
call('/etc/apache2/ssl/horizon/cert_dashboard'),
call('/etc/apache2/ssl/horizon/key_dashboard'),
])
_symlink.assert_has_calls([
call('/etc/apache2/ssl/horizon/cert_somehostname',
'/etc/apache2/ssl/horizon/cert_dashboard'),
call('/etc/apache2/ssl/horizon/key_somehostname',
'/etc/apache2/ssl/horizon/key_dashboard'),
])