From 91ce3cea1da0db29b9d938dac92e71cdf11534ef Mon Sep 17 00:00:00 2001
From: Frode Nordahl <frode.nordahl@canonical.com>
Date: Mon, 26 Aug 2019 11:37:22 +0200
Subject: [PATCH] Remove TLS related helpers

We will add these further up the stack in ``layer-openstack``,
addition counterpart: I12f45236632b608e07fdd35d31b90b84ca92eb1f

Make some adjustments so the build job used solemnly for gate
testing can pass again.

Needed-By: I8a72acd451dd21e1b042b7f71f6d98e164737ac1
Depends-On: I12f45236632b608e07fdd35d31b90b84ca92eb1f
Closes-Bug: #1840899
Change-Id: I007275c041ca5465664a6b5d441e56c0316c405d
---
 README.md                       |  1 -
 config.yaml                     | 19 -----------------
 layer.yaml                      |  3 +--
 metadata.yaml                   |  1 +
 reactive/layer_openstack_api.py | 37 +--------------------------------
 requirements.txt                |  1 -
 tox.ini                         |  3 +--
 7 files changed, 4 insertions(+), 61 deletions(-)

diff --git a/README.md b/README.md
index 6296d0a..bec8fcb 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,6 @@ This layer provides the base layer for OpenStack charms that are will deploy
 API services, and provides all of the core functionality for:
 
  - HA (using the hacluster charm)
- - SSL (using configuration options or keystone for certificates)
  - Juju 2.0 network space support for API endpoints
  - Configuration based network binding of API endpoints
 
diff --git a/config.yaml b/config.yaml
index 6135f71..331f307 100644
--- a/config.yaml
+++ b/config.yaml
@@ -122,22 +122,3 @@ options:
     description: |
       Default CIDR netmask to use for HA vip when it cannot be automatically
       determined.
-  ssl_cert:
-    type: string
-    default:
-    description: |
-      SSL certificate to install and use for API ports.  Setting this value
-      and ssl_key will enable reverse proxying, point Glance's entry in the
-      Keystone catalog to use https, and override any certficiate and key
-      issued by Keystone (if it is configured to do so).
-  ssl_key:
-    type: string
-    default:
-    description: |
-      SSL key to use with certificate specified as ssl_cert.
-  ssl_ca:
-    type: string
-    default:
-    description: |
-      SSL CA to use with the certificate and key provided - this is only
-      required if you are providing a privately signed ssl_cert and ssl_key.
diff --git a/layer.yaml b/layer.yaml
index 29a73d5..1e4209d 100644
--- a/layer.yaml
+++ b/layer.yaml
@@ -1,5 +1,4 @@
 includes: ['layer:openstack-principle', 'interface:mysql-shared',
            'interface:rabbitmq', 'interface:keystone',
-           'interface:hacluster', 'interface:openstack-ha',
-           'interface:tls-certificates', 'layer:tls-client']
+           'interface:hacluster', 'interface:openstack-ha']
 repo: 'https://github.com/openstack/charm-layer-openstack-api'
diff --git a/metadata.yaml b/metadata.yaml
index baa6f4c..b6da4fc 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -4,6 +4,7 @@ maintainer: OpenStack Charmers <openstack-charmers@lists.ubuntu.com>
 description: Layer for all OpenStack charms providing API services
 tags:
   - openstack
+series: []
 subordinate: false
 extra-bindings:
   public:
diff --git a/reactive/layer_openstack_api.py b/reactive/layer_openstack_api.py
index 13d1247..d722cce 100644
--- a/reactive/layer_openstack_api.py
+++ b/reactive/layer_openstack_api.py
@@ -1,8 +1,6 @@
-# attempt to move the default status handler here:
-import charmhelpers.core.hookenv as hookenv
+import charms.reactive as reactive
 
 import charms_openstack.charm as charm
-import charms.reactive as reactive
 
 
 @reactive.when('amqp.connected',
@@ -51,36 +49,3 @@ def default_setup_endpoint_connection(keystone):
                                     instance.internal_url,
                                     instance.admin_url)
         instance.assess_status()
-
-
-@reactive.when('identity-service.available',
-               'charms.openstack.do-default-identity-service.available')
-def default_setup_endpoint_available(keystone):
-    """When the identity-service interface is available, this default
-    handler switches on the SSL support.
-    """
-    with charm.provide_charm_instance() as instance:
-        instance.configure_ssl(keystone)
-        instance.assess_status()
-
-
-@reactive.when('certificates.available')
-def default_setup_certificates(tls):
-    """When the identity-service interface is available, this default
-    handler switches on the SSL support.
-    """
-    with charm.provide_charm_instance() as instance:
-        for cn, req in instance.get_certificate_requests().items():
-            tls.add_request_server_cert(cn, req['sans'])
-        tls.request_server_certs()
-        instance.assess_status()
-
-
-@reactive.when('certificates.batch.cert.available')
-def default_setup_endpoint_available(tls):
-    """When the identity-service interface is available, this default
-    handler switches on the SSL support.
-    """
-    with charm.provide_charm_instance() as instance:
-        instance.configure_ssl(tls)
-        instance.assess_status()
diff --git a/requirements.txt b/requirements.txt
index 5625389..0bfc41d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,4 @@
 # Requirements to build the layer
 charm-tools
-ruamel.yaml==0.10.12
 simplejson
 flake8
diff --git a/tox.ini b/tox.ini
index 1ed71d3..ecda808 100644
--- a/tox.ini
+++ b/tox.ini
@@ -33,7 +33,6 @@ commands =
   /bin/ln -s {envdir}/tmp/build {toxinidir}/build
 
 [testenv:venv]
-basepython = python3
 commands = {posargs}
 
 [testenv:py27]
@@ -68,4 +67,4 @@ commands = /bin/true
 
 [testenv:pep8]
 basepython = python3
-commands = /bin/true
+commands = flake8 --ignore=E402 actions/ reactive/