Only b64encode ssl_ca if it needs it

The description of the ssl_ca config option in config.yaml states
that the certificate should be base64 encoded. But if it is then
the charm b64encodes it again when sending the ca down the client
relations. This change gates encoding the ca on whether it is
already encoded.

Change-Id: I9828d7567fd7f04cd0d80229ea1ff1275ea4269e
Closes-Bug: #1798066
Liam Young 2018-10-16 18:33:48 +00:00
parent 574ed6ef74
commit 9ccf6d2b95
2 changed files with 21 additions and 2 deletions


@ -23,6 +23,7 @@ from charmhelpers.core.hookenv import (
)
import base64
import binascii
def get_ssl_mode():
@ -53,8 +54,13 @@ def configure_client_ssl(relation_data):
relation_data['ssl_port'] = config('ssl_port')
if external_ca:
if config('ssl_ca'):
relation_data['ssl_ca'] = base64.b64encode(
config('ssl_ca'))
try:
base64.decodestring(config('ssl_ca'))
# No need to encode it, it is already encoded.
ssl_ca_encoded = config('ssl_ca')
except binascii.Error:
ssl_ca_encoded = base64.b64encode(config('ssl_ca'))
relation_data['ssl_ca'] = ssl_ca_encoded
return
ca = ServiceCA.get_ca()
relation_data['ssl_ca'] = base64.b64encode(ca.get_ca_bundle())
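Review bot: The `base64.decodestring(config('ssl_ca'))` probe does not reliably separate a raw PEM from an encoded one: the legacy decoder skips characters outside the base64 alphabet and raises `binascii.Error` only on bad padding, so a raw certificate whose remaining characters happen to pad correctly may be sent to clients un-encoded, and a short plain value such as `abcd` is treated as already encoded. Since this value is the CA that clients rely on as their trust anchor, a deterministic test is safer, for example `if '-----BEGIN' in ssl_ca:` to encode and otherwise pass the value through, because `-` never appears in standard base64 output. `decodestring` is also a deprecated alias that was removed in Python 3.9, and on Python 3 a `str` value would raise `TypeError` rather than `binascii.Error`, should this charm ever run there. configure_client_ssl begins above the hunk.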


@ -110,6 +110,19 @@ class TestSSLUtils(CharmTestCase):
relation_data,
{'ssl_port': '9090', 'ssl_ca': 'ZXh0X2Nh'})
@patch('ssl_utils.get_ssl_mode')
def test_get_ssl_mode_ssl_on_ext_ca_b64(self, get_ssl_mode):
get_ssl_mode.return_value = ('on', True)
test_config = {
'ssl_port': '9090',
'ssl_ca': 'ZXh0X2Nh'}
self.config.side_effect = lambda x: test_config[x]
relation_data = {}
ssl_utils.configure_client_ssl(relation_data)
self.assertEqual(
relation_data,
{'ssl_port': '9090', 'ssl_ca': 'ZXh0X2Nh'})
@patch('ssl_utils.local_unit')
@patch('ssl_utils.relation_ids')
@patch('ssl_utils.relation_get')
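Review bot: The new test only exercises the short already-encoded value `'ZXh0X2Nh'`; nothing covers a realistic multi-line PEM with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines, which is the input where the already-encoded detection is ambiguous. I would add one case that feeds a constructed PEM-shaped string as `ssl_ca` and asserts that `relation_data['ssl_ca']` equals `base64.b64encode` of that string, and another that feeds the line-wrapped base64 of the same string and asserts it is passed through unchanged. The TestSSLUtils class continues outside the hunk.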