From 256f971c78574f017eb802ab7097231698b96ae0 Mon Sep 17 00:00:00 2001
From: Frode Nordahl
Date: Thu, 21 Feb 2019 16:38:55 +0100
Subject: [PATCH] Use correct certificate when ``os-public-hostname`` configration option is set
Note that this is a short term kludge/fix, on the long term we should ditch the charm specific ApacheSSLContext and use the common one from charm-helpers with an adapted Apache config inspired from the ``openstack_https_fronted`` template
Change-Id: I74c17113f431c4c21f638be6abffaeeb693f1462
Closes-Bug: #1816621
---
 hooks/horizon_hooks.py | 24 ++++++++++++++++++++++--
 unit_tests/test_horizon_hooks.py | 31 +++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/hooks/horizon_hooks.py b/hooks/horizon_hooks.py
index 097e8e4c..08104b71 100755
--- a/hooks/horizon_hooks.py
+++ b/hooks/horizon_hooks.py
@@ -376,8 +376,28 @@ def certs_joined(relation_id=None):
 @hooks.hook('certificates-relation-changed')
 def certs_changed(relation_id=None, unit=None):
- process_certificates('horizon', relation_id, unit,
- custom_hostname_link='dashboard')
+ if config('os-public-hostname'):
+ # NOTE(fnordahl): Kludge to fix LP: #1816621
+ # Long term fix is to use the common ApacheSSLContext from
+ # charm-helpers and adapt the Apache config along the lines of
+ # ``charmhelpers/contrib/openstack/templates/openstack_https_frontend``
+ process_certificates('horizon', relation_id, unit)
+ ssl_dir = '/etc/apache2/ssl/horizon'
+ cert = os.path.join(
+ ssl_dir,
+ '{}_{}'.format('cert', config('os-public-hostname')))
+ key = os.path.join(
+ ssl_dir,
+ '{}_{}'.format('key', config('os-public-hostname')))
+ cert_link = os.path.join(ssl_dir, 'cert_dashboard')
+ key_link = os.path.join(ssl_dir, 'key_dashboard')
+ for source, dest in [(cert, cert_link), (key, key_link)]:
+ if os.path.exists(dest):
+ os.remove(dest)
+ os.symlink(source, dest)
+ else:
+ process_certificates('horizon', relation_id, unit,
+ custom_hostname_link='dashboard')
 CONFIGS.write_all()
 service_reload('apache2')
 enable_ssl()
diff --git a/unit_tests/test_horizon_hooks.py b/unit_tests/test_horizon_hooks.py
index 36dcdf66..e5e8e3ad 100644
--- a/unit_tests/test_horizon_hooks.py
+++ b/unit_tests/test_horizon_hooks.py
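Review bot: In `certs_changed` (hooks/horizon_hooks.py), the `os.path.exists(dest)` guard in the new loop follows symlinks, so a `cert_dashboard` or `key_dashboard` link whose target no longer exists reports False and the following `os.symlink(source, dest)` then fails with FileExistsError; `if os.path.lexists(dest):` tests the link itself. The loop also links to `cert_<hostname>` and `key_<hostname>` without checking that `process_certificates` wrote them, so a hostname absent from the issued certificates would leave Apache pointing at a dangling link when `service_reload('apache2')` runs. Guarding the relink with `if not os.path.exists(source): continue` plus a log line would keep the previous certificate in place. Indentation is lost in this rendering, so this assumes `os.symlink` runs for every pair rather than only inside the `exists` branch.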
@@ -330,3 +330,34 @@ class TestHorizonHooks(CharmTestCase):
 "path": "/auth/websso/",
 }),
 ])
+
+ @patch.object(hooks.os, 'symlink')
+ @patch.object(hooks.os, 'remove')
+ @patch.object(hooks.os.path, 'exists')
+ @patch.object(hooks, 'service_reload')
+ @patch.object(hooks, 'process_certificates')
+ def test_certs_changed(self, _process_certificates, _service_reload,
+ _exists, _remove, _symlink):
+ self._call_hook('certificates-relation-changed')
+ _process_certificates.assert_called_with(
+ 'horizon', None, None, custom_hostname_link='dashboard')
+ self.assertFalse(_symlink.called)
+ self.CONFIGS.write_all.assert_called_with()
+ _service_reload.assert_called_with('apache2')
+ self.enable_ssl.assert_called_with()
+ _process_certificates.reset_mock()
+ self.config.side_effect = None
+ self.config.return_value = 'somehostname'
+ _exists.return_value = True
+ self._call_hook('certificates-relation-changed')
+ _process_certificates.assert_called_with('horizon', None, None)
+ _remove.assert_has_calls([
+ call('/etc/apache2/ssl/horizon/cert_dashboard'),
+ call('/etc/apache2/ssl/horizon/key_dashboard'),
+ ])
+ _symlink.assert_has_calls([
+ call('/etc/apache2/ssl/horizon/cert_somehostname',
+ '/etc/apache2/ssl/horizon/cert_dashboard'),
+ call('/etc/apache2/ssl/horizon/key_somehostname',
+ '/etc/apache2/ssl/horizon/key_dashboard'),
+ ])
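Review bot: `test_certs_changed` exercises the hostname branch only with `_exists.return_value = True`, so the first-run path where no `cert_dashboard` or `key_dashboard` link exists yet is never asserted. A further pass after `_remove.reset_mock()` with `_exists.return_value = False`, checking `self.assertFalse(_remove.called)` while `_symlink` still receives both pairs, would pin that behaviour. Because `hooks.os` is presumably the real `os` module, `@patch.object(hooks.os.path, 'exists')` replaces `os.path.exists` for everything that runs during the test, which deserves a short comment above the decorators.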