Render certs for all endpoint types

When using user supplied certs directly to the charms make sure
that the bundles which are passed in are rendered for all
supported endpoint types (internal, admin and public).

Closes-Bug: #1750915
Change-Id: If62fd5528470653586b2be3aaef7f829e5abad40
This commit is contained in:
Liam Young 2018-03-06 14:54:50 +00:00
parent d8e6722c45
commit 4949dc2412
2 changed files with 29 additions and 8 deletions

View File

@ -579,12 +579,15 @@ class HAOpenStackCharm(OpenStackAPICharm):
]
"""
if self.config_defined_ssl_key and self.config_defined_ssl_cert:
return [{
'key': self.config_defined_ssl_key.decode('utf-8'),
'cert': self.config_defined_ssl_cert.decode('utf-8'),
'ca': (self.config_defined_ssl_ca.decode('utf-8')
if self.config_defined_ssl_ca else None),
'cn': self.get_default_cn()}]
ssl_artifacts = []
for ep_type in [os_ip.INTERNAL, os_ip.ADMIN, os_ip.PUBLIC]:
ssl_artifacts.append({
'key': self.config_defined_ssl_key.decode('utf-8'),
'cert': self.config_defined_ssl_cert.decode('utf-8'),
'ca': (self.config_defined_ssl_ca.decode('utf-8')
if self.config_defined_ssl_ca else None),
'cn': os_ip.resolve_address(endpoint_type=ep_type)})
return ssl_artifacts
elif keystone_interface:
keys_and_certs = []
for addr in self.get_local_addresses():

View File

@ -671,25 +671,43 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
'ssl_key': base64.b64encode(b'key'),
'ssl_cert': base64.b64encode(b'cert'),
'ssl_ca': base64.b64encode(b'ca')}
addresses = {
'admin': 'adm_addr',
'int': 'int_addr',
'public': 'pub_addr'}
self.patch_target('config', new=config)
self.patch_object(chm.os_ip, 'resolve_address', 'addr')
self.resolve_address.side_effect = \
lambda endpoint_type=None: addresses[endpoint_type]
self.patch_object(chm.os_utils, 'snap_install_requested',
return_value=False)
self.assertEqual(
self.target.get_certs_and_keys(),
[{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'addr'}])
[
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'int_addr'},
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'adm_addr'},
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'pub_addr'}])
def test_get_certs_and_keys_noca(self):
config = {
'ssl_key': base64.b64encode(b'key'),
'ssl_cert': base64.b64encode(b'cert')}
addresses = {
'admin': 'adm_addr',
'int': 'int_addr',
'public': 'pub_addr'}
self.patch_target('config', new=config)
self.patch_object(chm.os_ip, 'resolve_address', 'addr')
self.resolve_address.side_effect = \
lambda endpoint_type=None: addresses[endpoint_type]
self.patch_object(chm.os_utils, 'snap_install_requested',
return_value=False)
self.assertEqual(
self.target.get_certs_and_keys(),
[{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'addr'}])
[
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'int_addr'},
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'adm_addr'},
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'pub_addr'}])
def test_get_certs_and_keys_ks_interface(self):
class KSInterface(object):