Add support for TLS
- Update address function to use "tls" config option and set scheme to 'https'. Also we check, that service is in list of services, which support TLS. - Add nginx repo to defaults, because it will be used as a proxy service. - Add Runtime error with suggestion to use extra options on cleanup, when 'tls' is enabled. Current patch requires patch in fuel-ccp-nginx repository. Change-Id: I65002b7ff9cfa2faf9d5bce470334aae95334d00 Depends-On: I0660cc3ca2723bc06871b61f859adfed42c0d807
This commit is contained in:
parent
8d1201a332
commit
4e21fddd47
|
@ -62,7 +62,13 @@ def get_config_paths():
|
|||
|
||||
def address(service, port=None, external=False, with_scheme=False):
|
||||
addr = None
|
||||
scheme = 'http'
|
||||
enable_tls = CONF.configs.get(service, {}).get('tls', {}).get('enabled')
|
||||
|
||||
if enable_tls:
|
||||
scheme = 'https'
|
||||
else:
|
||||
scheme = 'http'
|
||||
|
||||
if external:
|
||||
if not port:
|
||||
raise RuntimeError('Port config is required for external address')
|
||||
|
|
|
@ -23,6 +23,7 @@ DEFAULT_REPOS = [
|
|||
'fuel-ccp-sahara',
|
||||
'fuel-ccp-searchlight',
|
||||
'fuel-ccp-stacklight',
|
||||
'fuel-ccp-nginx',
|
||||
]
|
||||
|
||||
DEFAULTS = {
|
||||
|
|
|
@ -2,12 +2,23 @@ from jinja2 import exceptions
|
|||
|
||||
from fuel_ccp.common import jinja_utils
|
||||
from fuel_ccp.common import utils
|
||||
from fuel_ccp import config
|
||||
from fuel_ccp.tests import base
|
||||
|
||||
|
||||
class TestJinjaUtils(base.TestCase):
|
||||
filename = utils.get_resource_path('tests/common/example.j2')
|
||||
|
||||
def setUp(self):
|
||||
super(TestJinjaUtils, self).setUp()
|
||||
conf = config._yaml.AttrDict()
|
||||
conf_dict = {"security": {"tls": {"openstack": {"enabled": False}}},
|
||||
"etcd": {"tls": {"enabled": True}}}
|
||||
prepared_conf = self.nested_dict_to_attrdict(conf_dict)
|
||||
self.conf.configs._merge(prepared_conf)
|
||||
conf._merge(config._REAL_CONF)
|
||||
config._REAL_CONF = conf
|
||||
|
||||
def test_jinja_render_strict(self):
|
||||
context = {
|
||||
"base_distro": "debian",
|
||||
|
@ -15,6 +26,7 @@ class TestJinjaUtils(base.TestCase):
|
|||
"maintainer": "some maintainer",
|
||||
"duck": {"egg": "needle"}
|
||||
}
|
||||
|
||||
content = jinja_utils.jinja_render(self.filename, context,
|
||||
functions=[utils.address])
|
||||
self.assertEqual(
|
||||
|
|
|
@ -165,5 +165,10 @@ class TestAddress(testscenarios.WithScenarios, base.TestCase):
|
|||
'domain': 'external',
|
||||
'port': 8443},
|
||||
'k8s_external_ip': '1.1.1.1'})
|
||||
conf_dict = {"security": {"tls": {"openstack": {"enabled": False}}},
|
||||
"etcd": {"tls": {"enabled": True}}}
|
||||
prepared_conf = self.nested_dict_to_attrdict(conf_dict)
|
||||
self.conf.configs._merge(prepared_conf)
|
||||
|
||||
self.assertEqual(self.address, utils.address(
|
||||
'service', self.port, self.external, self.with_scheme))
|
||||
|
|
|
@ -101,6 +101,11 @@ class TestDeploy(base.TestCase):
|
|||
def test_create_openrc(self):
|
||||
namespace = self.namespace
|
||||
self.conf.configs._merge({'ingress': {'enabled': False}})
|
||||
conf_dict = {"security": {"tls": {"openstack": {"enabled": False}}},
|
||||
"etcd": {"tls": {"enabled": True}}}
|
||||
prepared_conf = self.nested_dict_to_attrdict(conf_dict)
|
||||
self.conf.configs._merge(prepared_conf)
|
||||
|
||||
openrc_etalon_file = 'openrc-%s-etalon' % namespace
|
||||
openrc_test_file = 'openrc-%s' % namespace
|
||||
config = {
|
||||
|
|
Loading…
Reference in New Issue