Merge "ssl_cert and ssl_key file can be one big .pem file"

This commit is contained in:
Jenkins 2016-04-21 15:16:59 +00:00 committed by Gerrit Code Review
commit c96631c992
2 changed files with 46 additions and 15 deletions

View File

@ -80,30 +80,29 @@ ssl_cert_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], nod
ssl_key_file = File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
if node['openstack']['dashboard']['use_ssl']
cert_mode = 00644
cert_owner = 'root'
cert_group = 'root'
file ssl_cert_file.to_s do
content ssl_cert
unless ssl_cert_file == ssl_key_file
cert_mode = 00644
cert_owner = 'root'
cert_group = 'root'
mode cert_mode
owner cert_owner
group cert_group
notifies :run, 'execute[restore-selinux-context]', :immediately
file ssl_cert_file do
content ssl_cert
mode cert_mode
owner cert_owner
group cert_group
notifies :run, 'execute[restore-selinux-context]', :immediately
end
end
key_mode = 00640
key_owner = 'root'
key_group = node['openstack']['dashboard']['key_group']
file ssl_key_file.to_s do
file ssl_key_file do
content ssl_key
mode key_mode
owner key_owner
group key_group
notifies :run, 'execute[restore-selinux-context]', :immediately
end
end

View File

@ -78,7 +78,7 @@ describe 'openstack-dashboard::apache2-server' do
end
describe 'certs' do
describe 'get seceret' do
describe 'get secret' do
let(:pem) { chef_run.file('/etc/ssl/certs/horizon.pem') }
let(:key) { chef_run.file('/etc/ssl/private/horizon.key') }
@ -98,6 +98,37 @@ describe 'openstack-dashboard::apache2-server' do
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
end
end
describe 'get secret with only one pem' do
let(:key) { chef_run.file('/etc/ssl/private/horizon.pem') }
before do
node.set['openstack']['dashboard']['ssl'].tap do |ssl|
ssl['cert_dir'] = ssl['key_dir'] = '/etc/ssl/private'
ssl['cert'] = ssl['key'] = 'horizon.pem'
end
end
it do
expect(chef_run).not_to create_file('/etc/ssl/private/horizon.pem')
.with(
content: 'horizon_pem_value',
user: 'root',
group: 'root',
mode: 0644
)
end
it do
expect(chef_run).to create_file('/etc/ssl/private/horizon.pem').with(
content: 'horizon_pem_value',
user: 'root',
group: 'ssl-cert',
mode: 0640
)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
end
it 'does not mess with certs if ssl not enabled' do
node.set['openstack']['dashboard']['use_ssl'] = false
@ -105,7 +136,8 @@ describe 'openstack-dashboard::apache2-server' do
expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.key')
end
end
describe 'get different seceret' do
describe 'get different secret' do
let(:pem) { chef_run.file('/etc/anypath/any.pem') }
let(:key) { chef_run.file('/etc/anypath/any.key') }