Make config provided CA optional
When SSL cert and key are provided via configuration, and are signed by a known trusted CA, there is no need to configure the ssl_ca option as system installed certificates will cover the trust chain already. Make this option optional. Change-Id: I630d5fddb158497cb4e69f45f0c45e1f33c730f3 Closes-Bug: 1713922
This commit is contained in:
parent
62f0b4769b
commit
1e35390d63
|
@ -460,7 +460,8 @@ class HAOpenStackCharm(OpenStackAPICharm):
|
|||
return [{
|
||||
'key': self.config_defined_ssl_key.decode('utf-8'),
|
||||
'cert': self.config_defined_ssl_cert.decode('utf-8'),
|
||||
'ca': self.config_defined_ssl_ca.decode('utf-8'),
|
||||
'ca': (self.config_defined_ssl_ca.decode('utf-8')
|
||||
if self.config_defined_ssl_ca else None),
|
||||
'cn': None}]
|
||||
elif keystone_interface:
|
||||
keys_and_certs = []
|
||||
|
|
|
@ -568,6 +568,15 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
self.target.get_certs_and_keys(),
|
||||
[{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': None}])
|
||||
|
||||
def test_get_certs_and_keys_noca(self):
|
||||
config = {
|
||||
'ssl_key': base64.b64encode(b'key'),
|
||||
'ssl_cert': base64.b64encode(b'cert')}
|
||||
self.patch_target('config', new=config)
|
||||
self.assertEqual(
|
||||
self.target.get_certs_and_keys(),
|
||||
[{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': None}])
|
||||
|
||||
def test_get_certs_and_keys_ks_interface(self):
|
||||
class KSInterface(object):
|
||||
def get_ssl_key(self, key):
|
||||
|
|
Loading…
Reference in New Issue