From eac3e026e76437a9fd8a53475842bc2c3851ca9a Mon Sep 17 00:00:00 2001
From: James Page
Date: Wed, 25 Oct 2017 13:33:47 +0100
Subject: [PATCH] Misc updates for SSL NGINX configuration

Updates based on SSL testing for NGINX secure server configuration. Enable xenial-pike testing as gnocchi 4.0.3 is now in pike/edge.

Change-Id: Ifc371a07e5d6a09210db5ccc18e895d4c014512f
---
 src/templates/ocata/gnocchi-nginx.conf | 8 +++-----
 src/tests/gate-basic-snap-xenial-pike | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100755 src/tests/gate-basic-snap-xenial-pike

diff --git a/src/templates/ocata/gnocchi-nginx.conf b/src/templates/ocata/gnocchi-nginx.conf
index d114d98..a16f2f9 100644
--- a/src/templates/ocata/gnocchi-nginx.conf
+++ b/src/templates/ocata/gnocchi-nginx.conf
@@ -13,15 +13,13 @@ server {
 {% if options.endpoints -%}
 {% for address, endpoint, ext, int in options.endpoints -%}
 server {
- listen {{ ext }} {% if options.ssl -%}ssl{% endif -%};
+ listen {{ address }}:{{ ext }} ssl;
-{% if options.ssl -%}
 ssl on;
- ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ address }};
- ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ address }};
+ ssl_certificate /var/snap/gnocchi/common/etc/nginx/ssl/cert_{{ endpoint }};
+ ssl_certificate_key /var/snap/gnocchi/common/etc/nginx/ssl/key_{{ endpoint }};
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM;
-{% endif -%}
 server_name {{ endpoint }};
diff --git a/src/tests/gate-basic-snap-xenial-pike b/src/tests/gate-basic-snap-xenial-pike
new file mode 100755
index 0000000..9293aca
--- /dev/null
+++ b/src/tests/gate-basic-snap-xenial-pike
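Review bot: With the `{% if options.ssl -%}` guard removed, every `server` block rendered from `options.endpoints` now unconditionally requires `cert_{{ endpoint }}` and `key_{{ endpoint }}` to exist, and nginx will not load a configuration whose `ssl_certificate` file is missing. Nothing in this hunk shows that the code writing those files was switched from the `address` key to the `endpoint` key, or that `options.endpoints` is only populated when TLS material is present, so that pairing should be confirmed or the guard kept around the TLS directives. Since the TLS settings are being revisited anyway, the unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line still offers TLS 1.0 and 1.1; consider `ssl_protocols TLSv1.2;` if all clients support it, and drop `ssl on;`, which is redundant once `listen` carries `ssl`. The `server` block continues past the end of the hunk.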
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+#
+# Copyright 2016 Canonical Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Amulet tests on a basic Gnocchi Charm deployment on xenial-pike."""
+
+from basic_deployment import GnocchiCharmSnapDeployment
+
+if __name__ == '__main__':
+ deployment = GnocchiCharmSnapDeployment(series='xenial',
+ openstack='cloud:xenial-pike',
+ snap_source='snap:pike/edge')
+ deployment.run_tests()