From f0095ffcbbfd3c84dc410713ea269ea2dd3ea879 Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Wed, 22 Jul 2020 10:10:15 +0100
Subject: [PATCH] Use public endpoint binding for console cert and key

Ensure that the public endpoint binding is used to resolve the
path to the SSL certificate and key files as the base access
URL for console access is always via this binding.

Add unit tests to cover the InstanceConsoleContext class.

Change-Id: I27de9445d249b0d670543d250bd02f450764a10f
Closes-Bug: 1871428
---
 hooks/nova_cc_context.py            |  2 +-
 unit_tests/test_nova_cc_contexts.py | 35 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/hooks/nova_cc_context.py b/hooks/nova_cc_context.py
index 109e3248..54a817ee 100644
--- a/hooks/nova_cc_context.py
+++ b/hooks/nova_cc_context.py
@@ -458,7 +458,7 @@ class InstanceConsoleContext(ch_context.OSContextGenerator):
         ctxt = {}
         # Configure nova-novncproxy https if nova-api is using https.
         if ch_cluster.https():
-            cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
+            cn = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
             if cn:
                 cert_filename = 'cert_{}'.format(cn)
                 key_filename = 'key_{}'.format(cn)
diff --git a/unit_tests/test_nova_cc_contexts.py b/unit_tests/test_nova_cc_contexts.py
index 520a12af..1c1c3f23 100644
--- a/unit_tests/test_nova_cc_contexts.py
+++ b/unit_tests/test_nova_cc_contexts.py
@@ -484,6 +484,41 @@ class NovaComputeContextTests(CharmTestCase):
         mock_resolve_address.assert_called_with(
             endpoint_type=context.ch_ip.PUBLIC)
 
+    @mock.patch.object(context, 'ch_cluster')
+    @mock.patch('os.path.exists')
+    @mock.patch('charmhelpers.contrib.openstack.ip.resolve_address')
+    def test_instance_console_context(self,
+                                      mock_resolve_address,
+                                      mock_os_path_exists,
+                                      mock_ch_cluster):
+        mock_os_path_exists.return_value = True
+        mock_resolve_address.return_value = "10.20.30.40"
+        mock_ch_cluster.https.return_value = True
+        ctxt = context.InstanceConsoleContext()()
+        self.assertEqual(
+            ctxt,
+            {'ssl_cert': '/etc/apache2/ssl/nova/cert_10.20.30.40',
+             'ssl_key': '/etc/apache2/ssl/nova/key_10.20.30.40'}
+        )
+        mock_resolve_address.assert_called_once_with(
+            endpoint_type=context.ch_ip.PUBLIC
+        )
+
+    @mock.patch.object(context, 'ch_cluster')
+    @mock.patch('os.path.exists')
+    @mock.patch('charmhelpers.contrib.openstack.ip.resolve_address')
+    def test_instance_console_context_no_https(self,
+                                               mock_resolve_address,
+                                               mock_os_path_exists,
+                                               mock_ch_cluster):
+        mock_os_path_exists.return_value = True
+        mock_resolve_address.return_value = "10.20.30.40"
+        mock_ch_cluster.https.return_value = False
+        ctxt = context.InstanceConsoleContext()()
+        self.assertEqual(
+            ctxt, {}
+        )
+
     def test_nova_cellv2_shared_db_context(self):
         self.relation_ids.return_value = ['shared-db:0']
         self.related_units.return_value = ['mysql/0']