Merge "Rework enforce_ssl to use host name, not address"
This commit is contained in:
commit
403a678bc0
|
@ -31,8 +31,10 @@ from charmhelpers.contrib.openstack.context import (
|
|||
HAProxyContext,
|
||||
context_complete
|
||||
)
|
||||
from charmhelpers.contrib.openstack.ip import (
|
||||
resolve_address,
|
||||
)
|
||||
from charmhelpers.contrib.openstack.utils import (
|
||||
get_host_ip,
|
||||
git_default_repos,
|
||||
git_pip_venv_dir,
|
||||
)
|
||||
|
@ -215,14 +217,7 @@ class ApacheContext(OSContextGenerator):
|
|||
if config('enforce-ssl'):
|
||||
# NOTE(dosaboy): if ssl is not configured we shouldn't allow this
|
||||
if all(get_cert()):
|
||||
if config('vip'):
|
||||
addr = config('vip')
|
||||
elif config('prefer-ipv6'):
|
||||
addr = format_ipv6_addr(get_ipv6_addr()[0])
|
||||
else:
|
||||
addr = get_host_ip(unit_get('private-address'))
|
||||
|
||||
ctxt['ssl_addr'] = addr
|
||||
ctxt['ssl_addr'] = resolve_address()
|
||||
else:
|
||||
log("Enforce ssl redirect requested but ssl not configured - "
|
||||
"skipping redirect", level=WARNING)
|
||||
|
|
|
@ -32,7 +32,7 @@ TO_PATCH = [
|
|||
'local_unit',
|
||||
'unit_get',
|
||||
'pwgen',
|
||||
'get_host_ip'
|
||||
'resolve_address',
|
||||
]
|
||||
|
||||
|
||||
|
@ -67,10 +67,10 @@ class TestHorizonContexts(CharmTestCase):
|
|||
|
||||
def test_Apachecontext_enforce_ssl(self):
|
||||
self.test_config.set('enforce-ssl', True)
|
||||
self.get_host_ip.return_value = '10.0.0.1'
|
||||
self.resolve_address.return_value = 'horizon.example.stack'
|
||||
self.assertEqual(horizon_contexts.ApacheContext()(),
|
||||
{'http_port': 70, 'https_port': 433,
|
||||
'ssl_addr': '10.0.0.1'})
|
||||
'ssl_addr': 'horizon.example.stack'})
|
||||
|
||||
@patch.object(horizon_contexts, 'get_ca_cert', lambda: None)
|
||||
@patch('os.chmod')
|
||||
|
|
Loading…
Reference in New Issue