Merge "Add ssl-ca configuration option"

This commit is contained in:
Zuul 2018-04-16 13:38:19 +00:00 committed by Gerrit Code Review
commit 5b5df7fe7f
2 changed files with 18 additions and 0 deletions

View File

@ -37,3 +37,8 @@ options:
default: ""
description: >-
The SSL key, base64-encoded.
ssl-ca:
type: string
default: ""
description: >-
The SSL Root CA certificate, base64-encoded.

View File

@ -1,5 +1,6 @@
import base64
import psycopg2
import subprocess
from charmhelpers.contrib.charmsupport.nrpe import (
NRPE,
@ -174,6 +175,13 @@ def configure_ssl():
set_state('vault.ssl.available')
else:
remove_state('vault.ssl.available')
if c['ssl-ca']:
ssl_ca = base64.decodestring(c['ssl-ca'].encode())
write_file('/usr/local/share/ca-certificates/vault-ca.crt',
ssl_ca, perms=0o644)
subprocess.check_call(['update-ca-certificates', '--fresh'])
set_state('vault.ssl.configured')
status_set('active', 'SSL key and cert installed')
remove_state('configured')
@ -194,6 +202,11 @@ def ssl_key_changed():
remove_state('vault.ssl.configured')
@when('config.changed.ssl-ca')
def ssl_ca_changed():
remove_state('vault.ssl.configured')
@when('configured')
@when('nrpe-external-master.available')
@when_not('vault.nrpe.configured')