Only b64encode ssl_ca if it needs it
The description of the ssl_ca config option in config.yaml states that the certificate should be base64 encoded. But if it is, the charm base64-encodes it a second time when sending the CA down the client relations. This change makes the encoding conditional on whether the CA is already encoded. Change-Id: I9828d7567fd7f04cd0d80229ea1ff1275ea4269e Closes-Bug: #1798066
parent
574ed6ef74
commit
9ccf6d2b95
|
@ -23,6 +23,7 @@ from charmhelpers.core.hookenv import (
|
|||
)
|
||||
|
||||
import base64
|
||||
import binascii
|
||||
|
||||
|
||||
def get_ssl_mode():
|
||||
|
@ -53,8 +54,13 @@ def configure_client_ssl(relation_data):
|
|||
relation_data['ssl_port'] = config('ssl_port')
|
||||
if external_ca:
|
||||
if config('ssl_ca'):
|
||||
relation_data['ssl_ca'] = base64.b64encode(
|
||||
config('ssl_ca'))
|
||||
try:
|
||||
base64.decodestring(config('ssl_ca'))
|
||||
# No need to encode it, it is already encoded.
|
||||
ssl_ca_encoded = config('ssl_ca')
|
||||
except binascii.Error:
|
||||
ssl_ca_encoded = base64.b64encode(config('ssl_ca'))
|
||||
relation_data['ssl_ca'] = ssl_ca_encoded
|
||||
return
|
||||
ca = ServiceCA.get_ca()
|
||||
relation_data['ssl_ca'] = base64.b64encode(ca.get_ca_bundle())
|
||||
|
|
|
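Review bot: The `base64.decodestring(config('ssl_ca'))` probe in configure_client_ssl is not a reliable test for an already-encoded value, because the decoder silently discards characters outside the base64 alphabet and only raises `binascii.Error` when what remains is badly padded. A raw PEM certificate, or any raw string whose remaining characters happen to pad out, can therefore pass the probe and be published on the relation unencoded, which would likely leave clients with a CA they cannot parse. Assuming the option carries a PEM certificate, it would be safer to keep the result of the decode and accept the value as encoded only when it looks like one, e.g. `if '-----BEGIN CERTIFICATE-----' in decoded:`. `decodestring` is also a deprecated alias that no longer exists from Python 3.9, so it is worth confirming which interpreters this module must support. The body of configure_client_ssl starts outside the hunk.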
@ -110,6 +110,19 @@ class TestSSLUtils(CharmTestCase):
|
|||
relation_data,
|
||||
{'ssl_port': '9090', 'ssl_ca': 'ZXh0X2Nh'})
|
||||
|
||||
@patch('ssl_utils.get_ssl_mode')
|
||||
def test_get_ssl_mode_ssl_on_ext_ca_b64(self, get_ssl_mode):
|
||||
get_ssl_mode.return_value = ('on', True)
|
||||
test_config = {
|
||||
'ssl_port': '9090',
|
||||
'ssl_ca': 'ZXh0X2Nh'}
|
||||
self.config.side_effect = lambda x: test_config[x]
|
||||
relation_data = {}
|
||||
ssl_utils.configure_client_ssl(relation_data)
|
||||
self.assertEqual(
|
||||
relation_data,
|
||||
{'ssl_port': '9090', 'ssl_ca': 'ZXh0X2Nh'})
|
||||
|
||||
@patch('ssl_utils.local_unit')
|
||||
@patch('ssl_utils.relation_ids')
|
||||
@patch('ssl_utils.relation_get')
|
||||
|
|
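Review bot: The new test_get_ssl_mode_ssl_on_ext_ca_b64 only exercises the short value `'ZXh0X2Nh'`, so nothing here pins how configure_client_ssl treats a realistic certificate. A pair of cases built from a multi-line PEM-shaped string (constructed for the test), one passed raw and one passed base64-encoded, both asserting that `relation_data['ssl_ca']` ends up as the same encoded value, would catch a raw certificate being mistaken for an encoded one. A short docstring such as `"""An already base64-encoded ssl_ca is passed through unchanged."""` would also make the intent of this case clear. The TestSSLUtils class begins outside the hunk.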