Render certs for all endpoint types
When using user supplied certs directly to the charms make sure that the bundles which are passed in are rendered for all supported endpoint types (internal, admin and public). Closes-Bug: #1750915 Change-Id: If62fd5528470653586b2be3aaef7f829e5abad40
This commit is contained in:
parent
d8e6722c45
commit
4949dc2412
|
@ -579,12 +579,15 @@ class HAOpenStackCharm(OpenStackAPICharm):
|
|||
]
|
||||
"""
|
||||
if self.config_defined_ssl_key and self.config_defined_ssl_cert:
|
||||
return [{
|
||||
'key': self.config_defined_ssl_key.decode('utf-8'),
|
||||
'cert': self.config_defined_ssl_cert.decode('utf-8'),
|
||||
'ca': (self.config_defined_ssl_ca.decode('utf-8')
|
||||
if self.config_defined_ssl_ca else None),
|
||||
'cn': self.get_default_cn()}]
|
||||
ssl_artifacts = []
|
||||
for ep_type in [os_ip.INTERNAL, os_ip.ADMIN, os_ip.PUBLIC]:
|
||||
ssl_artifacts.append({
|
||||
'key': self.config_defined_ssl_key.decode('utf-8'),
|
||||
'cert': self.config_defined_ssl_cert.decode('utf-8'),
|
||||
'ca': (self.config_defined_ssl_ca.decode('utf-8')
|
||||
if self.config_defined_ssl_ca else None),
|
||||
'cn': os_ip.resolve_address(endpoint_type=ep_type)})
|
||||
return ssl_artifacts
|
||||
elif keystone_interface:
|
||||
keys_and_certs = []
|
||||
for addr in self.get_local_addresses():
|
||||
|
|
|
@ -671,25 +671,43 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
'ssl_key': base64.b64encode(b'key'),
|
||||
'ssl_cert': base64.b64encode(b'cert'),
|
||||
'ssl_ca': base64.b64encode(b'ca')}
|
||||
addresses = {
|
||||
'admin': 'adm_addr',
|
||||
'int': 'int_addr',
|
||||
'public': 'pub_addr'}
|
||||
self.patch_target('config', new=config)
|
||||
self.patch_object(chm.os_ip, 'resolve_address', 'addr')
|
||||
self.resolve_address.side_effect = \
|
||||
lambda endpoint_type=None: addresses[endpoint_type]
|
||||
self.patch_object(chm.os_utils, 'snap_install_requested',
|
||||
return_value=False)
|
||||
self.assertEqual(
|
||||
self.target.get_certs_and_keys(),
|
||||
[{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'addr'}])
|
||||
[
|
||||
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'int_addr'},
|
||||
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'adm_addr'},
|
||||
{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'pub_addr'}])
|
||||
|
||||
def test_get_certs_and_keys_noca(self):
|
||||
config = {
|
||||
'ssl_key': base64.b64encode(b'key'),
|
||||
'ssl_cert': base64.b64encode(b'cert')}
|
||||
addresses = {
|
||||
'admin': 'adm_addr',
|
||||
'int': 'int_addr',
|
||||
'public': 'pub_addr'}
|
||||
self.patch_target('config', new=config)
|
||||
self.patch_object(chm.os_ip, 'resolve_address', 'addr')
|
||||
self.resolve_address.side_effect = \
|
||||
lambda endpoint_type=None: addresses[endpoint_type]
|
||||
self.patch_object(chm.os_utils, 'snap_install_requested',
|
||||
return_value=False)
|
||||
self.assertEqual(
|
||||
self.target.get_certs_and_keys(),
|
||||
[{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'addr'}])
|
||||
[
|
||||
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'int_addr'},
|
||||
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'adm_addr'},
|
||||
{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'pub_addr'}])
|
||||
|
||||
def test_get_certs_and_keys_ks_interface(self):
|
||||
class KSInterface(object):
|
||||
|
|
Loading…
Reference in New Issue