auto-unlock: make things clear about security

Rename auto-unlock configuration option to make things clear to
CLI users that this really is a totally unsecure deployment
option!

Change-Id: I47726c65698bea1c35766d5c3ef16befad8ec72d
This commit is contained in:
James Page 2018-05-08 14:34:54 +01:00
parent 28fb89a44b
commit dbbf4d9a09
4 changed files with 6 additions and 6 deletions

View File

@ -58,7 +58,7 @@ options:
description: |
DNS record to use for DNS HA with MAAS. Do not use vip setting
if this is set.
auto-unlock:
totally-unsecure-auto-unlock:
type: boolean
default: false
description: >-

View File

@ -242,7 +242,7 @@ def can_restart():
safe_restart = False
if not host.service_running('vault'):
safe_restart = True
elif hookenv.config('auto-unlock'):
elif hookenv.config('totally-unsecure-auto-unlock'):
safe_restart = True
else:
client = get_client(url=VAULT_LOCALHOST_URL)

View File

@ -136,7 +136,7 @@ def snap_refresh():
if vault.can_restart():
log("Restarting vault", level=DEBUG)
service_restart('vault')
if config('auto-unlock'):
if config('totally-unsecure-auto-unlock'):
vault.prepare_vault()
else:
set_flag('snap.channel.invalid')
@ -365,7 +365,7 @@ def cluster_connected(hacluster):
def file_change_auto_unlock_mode():
log("Calling opportunistic_restart", level=DEBUG)
vault.opportunistic_restart()
if config('auto-unlock'):
if config('totally-unsecure-auto-unlock'):
vault.prepare_vault()

View File

@ -396,7 +396,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
def test_snap_refresh_restartable(self, can_restart):
conf = {
'channel': 'edge',
'auto-unlock': False}
'totally-unsecure-auto-unlock': False}
self.config.side_effect = lambda x: conf[x]
can_restart.return_value = True
handlers.snap_refresh()
@ -405,7 +405,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
self.clear_flag.assert_called_with('snap.channel.invalid')
config_calls = [
mock.call('channel'),
mock.call('auto-unlock')]
mock.call('totally-unsecure-auto-unlock')]
self.config.assert_has_calls(config_calls)
@patch.object(handlers.vault, 'can_restart')