Make config provided CA optional

When SSL cert and key are provided via configuration, and are signed
by a known trusted CA, there is no need to configure the ssl_ca
option as system installed certificates will cover the trust chain
already.

Make this option optional.

Change-Id: I630d5fddb158497cb4e69f45f0c45e1f33c730f3
Closes-Bug: 1713922
This commit is contained in:
James Page 2017-09-07 10:08:41 +01:00
parent 62f0b4769b
commit 1e35390d63
2 changed files with 11 additions and 1 deletions

View File

@ -460,7 +460,8 @@ class HAOpenStackCharm(OpenStackAPICharm):
return [{
'key': self.config_defined_ssl_key.decode('utf-8'),
'cert': self.config_defined_ssl_cert.decode('utf-8'),
'ca': self.config_defined_ssl_ca.decode('utf-8'),
'ca': (self.config_defined_ssl_ca.decode('utf-8')
if self.config_defined_ssl_ca else None),
'cn': None}]
elif keystone_interface:
keys_and_certs = []

View File

@ -568,6 +568,15 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
self.target.get_certs_and_keys(),
[{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': None}])
def test_get_certs_and_keys_noca(self):
config = {
'ssl_key': base64.b64encode(b'key'),
'ssl_cert': base64.b64encode(b'cert')}
self.patch_target('config', new=config)
self.assertEqual(
self.target.get_certs_and_keys(),
[{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': None}])
def test_get_certs_and_keys_ks_interface(self):
class KSInterface(object):
def get_ssl_key(self, key):