diff --git a/fuel_ccp/deploy.py b/fuel_ccp/deploy.py index cad44a84..0de44e03 100644 --- a/fuel_ccp/deploy.py +++ b/fuel_ccp/deploy.py @@ -486,6 +486,12 @@ def _create_openrc(config): utils.address('keystone', config['keystone']['public_port'], True, True) ] + if config['security']['tls']['create_certificates']: + with open('ca-cert.pem', 'w') as cert_file: + cert_file.write(config['security']['tls']['ca_cert']) + file_path = os.path.join(os.getcwd(), "ca-cert.pem") + openrc.append("export OS_CACERT=%s" % file_path) + with open('openrc-%s' % config['namespace'], 'w') as openrc_file: openrc_file.write("\n".join(openrc)) LOG.info("Openrc file for this deployment created at %s/openrc-%s", diff --git a/fuel_ccp/tests/test_deploy.py b/fuel_ccp/tests/test_deploy.py index d31db41f..7199e598 100644 --- a/fuel_ccp/tests/test_deploy.py +++ b/fuel_ccp/tests/test_deploy.py @@ -108,6 +108,7 @@ class TestDeploy(base.TestCase): openrc_etalon_file = 'openrc-%s-etalon' % namespace openrc_test_file = 'openrc-%s' % namespace + cert_path = os.path.join(os.getcwd(), 'ca-cert.pem') config = { "openstack": { "project_name": "admin", @@ -116,6 +117,13 @@ class TestDeploy(base.TestCase): }, "keystone": {"public_port": {"cont": 5000}}, "namespace": self.namespace, + "security": { + "tls": { + "create_certificates": "enabled", + "ca_cert": "test_certificate" + } + + } } rc = [ "export OS_PROJECT_DOMAIN_NAME=default", @@ -126,6 +134,7 @@ class TestDeploy(base.TestCase): "export OS_IDENTITY_API_VERSION=3", "export OS_AUTH_URL=http://keystone.ccp.svc.cluster.local:%s/v3" % config['keystone']['public_port']['cont'], + "export OS_CACERT=%s" % cert_path, ] with open(openrc_etalon_file, 'w') as openrc_file: @@ -133,6 +142,7 @@ class TestDeploy(base.TestCase): self.addCleanup(os.remove, openrc_etalon_file) deploy._create_openrc(config) self.addCleanup(os.remove, openrc_test_file) + self.addCleanup(os.remove, "ca-cert.pem") result = filecmp.cmp(openrc_etalon_file, openrc_test_file, shallow=False)