Use public endpoint binding for console cert and key

Ensure that the public endpoint binding is used to resolve the path to the SSL certificate and key files as the base access URL for console access is always via this binding. Add unit tests to cover the InstanceConsoleContext class. Change-Id: I27de9445d249b0d670543d250bd02f450764a10f Closes-Bug: 1871428
2020-07-22 10:10:15 +01:00 · 2020-07-22 10:10:15 +01:00 · f0095ffcbb
parent 4c6287a180
commit f0095ffcbb
2 changed files with 36 additions and 1 deletions
--- a/hooks/nova_cc_context.py
+++ b/hooks/nova_cc_context.py
@ -458,7 +458,7 @@ class InstanceConsoleContext(ch_context.OSContextGenerator):
        ctxt = {}
        # Configure nova-novncproxy https if nova-api is using https.
        if ch_cluster.https():
-            cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
+            cn = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
            if cn:
                cert_filename = 'cert_{}'.format(cn)
                key_filename = 'key_{}'.format(cn)
--- a/unit_tests/test_nova_cc_contexts.py
+++ b/unit_tests/test_nova_cc_contexts.py
@ -484,6 +484,41 @@ class NovaComputeContextTests(CharmTestCase):
        mock_resolve_address.assert_called_with(
            endpoint_type=context.ch_ip.PUBLIC)

+    @mock.patch.object(context, 'ch_cluster')
+    @mock.patch('os.path.exists')
+    @mock.patch('charmhelpers.contrib.openstack.ip.resolve_address')
+    def test_instance_console_context(self,
+                                      mock_resolve_address,
+                                      mock_os_path_exists,
+                                      mock_ch_cluster):
+        mock_os_path_exists.return_value = True
+        mock_resolve_address.return_value = "10.20.30.40"
+        mock_ch_cluster.https.return_value = True
+        ctxt = context.InstanceConsoleContext()()
+        self.assertEqual(
+            ctxt,
+            {'ssl_cert': '/etc/apache2/ssl/nova/cert_10.20.30.40',
+             'ssl_key': '/etc/apache2/ssl/nova/key_10.20.30.40'}
+        )
+        mock_resolve_address.assert_called_once_with(
+            endpoint_type=context.ch_ip.PUBLIC
+        )
+
+    @mock.patch.object(context, 'ch_cluster')
+    @mock.patch('os.path.exists')
+    @mock.patch('charmhelpers.contrib.openstack.ip.resolve_address')
+    def test_instance_console_context_no_https(self,
+                                               mock_resolve_address,
+                                               mock_os_path_exists,
+                                               mock_ch_cluster):
+        mock_os_path_exists.return_value = True
+        mock_resolve_address.return_value = "10.20.30.40"
+        mock_ch_cluster.https.return_value = False
+        ctxt = context.InstanceConsoleContext()()
+        self.assertEqual(
+            ctxt, {}
+        )
+
    def test_nova_cellv2_shared_db_context(self):
        self.relation_ids.return_value = ['shared-db:0']
        self.related_units.return_value = ['mysql/0']