Use correct certificate when ``os-public-hostname`` configration option is set
Note that this is a short term kludge/fix, on the long term we should ditch the charm specific ApacheSSLContext and use the common one from charm-helpers with an adapted Apache config inspired from the ``openstack_https_fronted`` template Change-Id: I74c17113f431c4c21f638be6abffaeeb693f1462 Closes-Bug: #1816621
This commit is contained in:
parent
0edeceb80a
commit
256f971c78
|
@ -376,8 +376,28 @@ def certs_joined(relation_id=None):
|
|||
|
||||
@hooks.hook('certificates-relation-changed')
|
||||
def certs_changed(relation_id=None, unit=None):
|
||||
process_certificates('horizon', relation_id, unit,
|
||||
custom_hostname_link='dashboard')
|
||||
if config('os-public-hostname'):
|
||||
# NOTE(fnordahl): Kludge to fix LP: #1816621
|
||||
# Long term fix is to use the common ApacheSSLContext from
|
||||
# charm-helpers and adapt the Apache config along the lines of
|
||||
# ``charmhelpers/contrib/openstack/templates/openstack_https_frontend``
|
||||
process_certificates('horizon', relation_id, unit)
|
||||
ssl_dir = '/etc/apache2/ssl/horizon'
|
||||
cert = os.path.join(
|
||||
ssl_dir,
|
||||
'{}_{}'.format('cert', config('os-public-hostname')))
|
||||
key = os.path.join(
|
||||
ssl_dir,
|
||||
'{}_{}'.format('key', config('os-public-hostname')))
|
||||
cert_link = os.path.join(ssl_dir, 'cert_dashboard')
|
||||
key_link = os.path.join(ssl_dir, 'key_dashboard')
|
||||
for source, dest in [(cert, cert_link), (key, key_link)]:
|
||||
if os.path.exists(dest):
|
||||
os.remove(dest)
|
||||
os.symlink(source, dest)
|
||||
else:
|
||||
process_certificates('horizon', relation_id, unit,
|
||||
custom_hostname_link='dashboard')
|
||||
CONFIGS.write_all()
|
||||
service_reload('apache2')
|
||||
enable_ssl()
|
||||
|
|
|
@ -330,3 +330,34 @@ class TestHorizonHooks(CharmTestCase):
|
|||
"path": "/auth/websso/",
|
||||
}),
|
||||
])
|
||||
|
||||
@patch.object(hooks.os, 'symlink')
|
||||
@patch.object(hooks.os, 'remove')
|
||||
@patch.object(hooks.os.path, 'exists')
|
||||
@patch.object(hooks, 'service_reload')
|
||||
@patch.object(hooks, 'process_certificates')
|
||||
def test_certs_changed(self, _process_certificates, _service_reload,
|
||||
_exists, _remove, _symlink):
|
||||
self._call_hook('certificates-relation-changed')
|
||||
_process_certificates.assert_called_with(
|
||||
'horizon', None, None, custom_hostname_link='dashboard')
|
||||
self.assertFalse(_symlink.called)
|
||||
self.CONFIGS.write_all.assert_called_with()
|
||||
_service_reload.assert_called_with('apache2')
|
||||
self.enable_ssl.assert_called_with()
|
||||
_process_certificates.reset_mock()
|
||||
self.config.side_effect = None
|
||||
self.config.return_value = 'somehostname'
|
||||
_exists.return_value = True
|
||||
self._call_hook('certificates-relation-changed')
|
||||
_process_certificates.assert_called_with('horizon', None, None)
|
||||
_remove.assert_has_calls([
|
||||
call('/etc/apache2/ssl/horizon/cert_dashboard'),
|
||||
call('/etc/apache2/ssl/horizon/key_dashboard'),
|
||||
])
|
||||
_symlink.assert_has_calls([
|
||||
call('/etc/apache2/ssl/horizon/cert_somehostname',
|
||||
'/etc/apache2/ssl/horizon/cert_dashboard'),
|
||||
call('/etc/apache2/ssl/horizon/key_somehostname',
|
||||
'/etc/apache2/ssl/horizon/key_dashboard'),
|
||||
])
|
||||
|
|
Loading…
Reference in New Issue