Merge "ssl_cert and ssl_key file can be one big .pem file"
This commit is contained in:
commit
c96631c992
|
@ -80,30 +80,29 @@ ssl_cert_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], nod
|
|||
ssl_key_file = File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
|
||||
|
||||
if node['openstack']['dashboard']['use_ssl']
|
||||
cert_mode = 00644
|
||||
cert_owner = 'root'
|
||||
cert_group = 'root'
|
||||
file ssl_cert_file.to_s do
|
||||
content ssl_cert
|
||||
unless ssl_cert_file == ssl_key_file
|
||||
cert_mode = 00644
|
||||
cert_owner = 'root'
|
||||
cert_group = 'root'
|
||||
|
||||
mode cert_mode
|
||||
owner cert_owner
|
||||
group cert_group
|
||||
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
file ssl_cert_file do
|
||||
content ssl_cert
|
||||
mode cert_mode
|
||||
owner cert_owner
|
||||
group cert_group
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
end
|
||||
end
|
||||
|
||||
key_mode = 00640
|
||||
key_owner = 'root'
|
||||
key_group = node['openstack']['dashboard']['key_group']
|
||||
|
||||
file ssl_key_file.to_s do
|
||||
file ssl_key_file do
|
||||
content ssl_key
|
||||
|
||||
mode key_mode
|
||||
owner key_owner
|
||||
group key_group
|
||||
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
end
|
||||
end
|
||||
|
|
|
@ -78,7 +78,7 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
end
|
||||
|
||||
describe 'certs' do
|
||||
describe 'get seceret' do
|
||||
describe 'get secret' do
|
||||
let(:pem) { chef_run.file('/etc/ssl/certs/horizon.pem') }
|
||||
let(:key) { chef_run.file('/etc/ssl/private/horizon.key') }
|
||||
|
||||
|
@ -98,6 +98,37 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'get secret with only one pem' do
|
||||
let(:key) { chef_run.file('/etc/ssl/private/horizon.pem') }
|
||||
|
||||
before do
|
||||
node.set['openstack']['dashboard']['ssl'].tap do |ssl|
|
||||
ssl['cert_dir'] = ssl['key_dir'] = '/etc/ssl/private'
|
||||
ssl['cert'] = ssl['key'] = 'horizon.pem'
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).not_to create_file('/etc/ssl/private/horizon.pem')
|
||||
.with(
|
||||
content: 'horizon_pem_value',
|
||||
user: 'root',
|
||||
group: 'root',
|
||||
mode: 0644
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_file('/etc/ssl/private/horizon.pem').with(
|
||||
content: 'horizon_pem_value',
|
||||
user: 'root',
|
||||
group: 'ssl-cert',
|
||||
mode: 0640
|
||||
)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
|
||||
it 'does not mess with certs if ssl not enabled' do
|
||||
node.set['openstack']['dashboard']['use_ssl'] = false
|
||||
|
@ -105,7 +136,8 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.key')
|
||||
end
|
||||
end
|
||||
describe 'get different seceret' do
|
||||
|
||||
describe 'get different secret' do
|
||||
let(:pem) { chef_run.file('/etc/anypath/any.pem') }
|
||||
let(:key) { chef_run.file('/etc/anypath/any.key') }
|
||||
|
||||
|
|
Loading…
Reference in New Issue