Merge "Surround IPv6 addresses with []"
This commit is contained in:
commit
0a03b2b36d
|
@ -127,6 +127,8 @@ def binding_address(binding):
|
|||
def get_vault_url(binding, port, address=None):
|
||||
protocol = 'http'
|
||||
ip = address or binding_address(binding)
|
||||
if ':' in ip:
|
||||
ip = '[{}]'.format(ip)
|
||||
if charms.reactive.is_state('vault.ssl.available'):
|
||||
protocol = 'https'
|
||||
return '{}://{}:{}'.format(protocol, ip, port)
|
||||
|
@ -165,6 +167,8 @@ def get_access_address():
|
|||
addr = hookenv.config('dns-ha-access-record')
|
||||
addr = addr or get_vip('access')
|
||||
addr = addr or binding_address('access')
|
||||
if ':' in addr:
|
||||
addr = '[{}]'.format(addr)
|
||||
if charms.reactive.is_state('vault.ssl.available'):
|
||||
protocol = 'https'
|
||||
return '{}://{}:{}'.format(protocol, addr, 8200)
|
||||
|
|
|
@ -83,6 +83,14 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
self.assertEqual(vault.get_api_url(), 'https://1.2.3.4:8200')
|
||||
network_get_primary_address.assert_called_with('access')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_api_url_sslv6(self, is_state, network_get_primary_address):
|
||||
is_state.return_value = True
|
||||
network_get_primary_address.return_value = '2001:db8::'
|
||||
self.assertEqual(vault.get_api_url(), 'https://[2001:db8::]:8200')
|
||||
network_get_primary_address.assert_called_with('access')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_api_url_nossl(self, is_state, network_get_primary_address):
|
||||
|
@ -91,6 +99,14 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
self.assertEqual(vault.get_api_url(), 'http://1.2.3.4:8200')
|
||||
network_get_primary_address.assert_called_with('access')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_api_url_nosslv6(self, is_state, network_get_primary_address):
|
||||
is_state.return_value = False
|
||||
network_get_primary_address.return_value = '2001:db8::'
|
||||
self.assertEqual(vault.get_api_url(), 'http://[2001:db8::]:8200')
|
||||
network_get_primary_address.assert_called_with('access')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_cluster_url_ssl(self, is_state, network_get_primary_address):
|
||||
|
@ -99,6 +115,16 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
self.assertEqual(vault.get_cluster_url(), 'https://1.2.3.4:8201')
|
||||
network_get_primary_address.assert_called_with('cluster')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_cluster_url_sslv6(
|
||||
self, is_state, network_get_primary_address
|
||||
):
|
||||
is_state.return_value = True
|
||||
network_get_primary_address.return_value = '2001:db8::'
|
||||
self.assertEqual(vault.get_cluster_url(), 'https://[2001:db8::]:8201')
|
||||
network_get_primary_address.assert_called_with('cluster')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_cluster_url_nossl(self, is_state,
|
||||
|
@ -108,6 +134,16 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
self.assertEqual(vault.get_cluster_url(), 'http://1.2.3.4:8201')
|
||||
network_get_primary_address.assert_called_with('cluster')
|
||||
|
||||
@patch.object(vault.hookenv, 'network_get_primary_address')
|
||||
@patch.object(vault.charms.reactive, 'is_state')
|
||||
def test_get_cluster_url_nosslv6(
|
||||
self, is_state, network_get_primary_address
|
||||
):
|
||||
is_state.return_value = False
|
||||
network_get_primary_address.return_value = '2001:db8::'
|
||||
self.assertEqual(vault.get_cluster_url(), 'http://[2001:db8::]:8201')
|
||||
network_get_primary_address.assert_called_with('cluster')
|
||||
|
||||
@patch.object(vault.hvac, 'Client')
|
||||
@patch.object(vault, 'get_api_url')
|
||||
def test_get_client(self, get_api_url, hvac_Client):
|
||||
|
|
|
@ -147,7 +147,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
get_local_client.return_value = client_mock
|
||||
is_ca_ready.return_value = False
|
||||
with self.assertRaises(vault_pki.vault.VaultNotReady):
|
||||
vault_pki.generate_certificate('server', 'exmaple.com', [],
|
||||
vault_pki.generate_certificate('server', 'example.com', [],
|
||||
ttl='3456h', max_ttl='3456h')
|
||||
|
||||
@patch.object(vault_pki, 'is_ca_ready')
|
||||
|
@ -160,7 +160,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
get_local_client.return_value = client_mock
|
||||
is_ca_ready.return_value = True
|
||||
with self.assertRaises(vault_pki.vault.VaultInvalidRequest):
|
||||
vault_pki.generate_certificate('unknown', 'exmaple.com', [],
|
||||
vault_pki.generate_certificate('unknown', 'example.com', [],
|
||||
'3456h', '3456h')
|
||||
|
||||
@patch.object(vault_pki, 'is_ca_ready')
|
||||
|
@ -174,7 +174,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
is_ca_ready.return_value = True
|
||||
client_mock.write.side_effect = hvac.exceptions.InvalidRequest
|
||||
with self.assertRaises(vault_pki.vault.VaultInvalidRequest):
|
||||
vault_pki.generate_certificate('server', 'exmaple.com', [],
|
||||
vault_pki.generate_certificate('server', 'example.com', [],
|
||||
ttl='3456h', max_ttl='3456h')
|
||||
|
||||
@patch.object(vault_pki, 'configure_pki_backend')
|
||||
|
@ -234,7 +234,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
crl_distribution_points='{}/crl'.format(local_url)),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local',
|
||||
allowed_domains='exmaple.com',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
|
@ -243,7 +243,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
client_flag=True),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local-client',
|
||||
allowed_domains='exmaple.com',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
|
@ -251,7 +251,85 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
server_flag=False,
|
||||
client_flag=True),
|
||||
]
|
||||
vault_pki.upload_signed_csr('MYPEM', 'exmaple.com')
|
||||
vault_pki.upload_signed_csr('MYPEM', 'example.com')
|
||||
client_mock._post.assert_called_once_with(
|
||||
'v1/charm-pki-local/intermediate/set-signed',
|
||||
json={'certificate': 'MYPEM'})
|
||||
client_mock.write.assert_has_calls(write_calls)
|
||||
|
||||
@patch.object(vault_pki.vault, 'get_access_address')
|
||||
@patch.object(vault_pki.vault, 'get_local_client')
|
||||
def test_upload_signed_csr_ipv4(
|
||||
self, get_local_client, get_access_address
|
||||
):
|
||||
get_access_address.return_value = 'https://127.0.0.1:8200'
|
||||
client_mock = mock.MagicMock()
|
||||
get_local_client.return_value = client_mock
|
||||
local_url = 'https://127.0.0.1:8200/v1/charm-pki-local'
|
||||
write_calls = [
|
||||
mock.call(
|
||||
'charm-pki-local/config/urls',
|
||||
issuing_certificates='{}/ca'.format(local_url),
|
||||
crl_distribution_points='{}/crl'.format(local_url)),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
max_ttl='87598h',
|
||||
server_flag=True,
|
||||
client_flag=True),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local-client',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
max_ttl='87598h',
|
||||
server_flag=False,
|
||||
client_flag=True),
|
||||
]
|
||||
vault_pki.upload_signed_csr('MYPEM', 'example.com')
|
||||
client_mock._post.assert_called_once_with(
|
||||
'v1/charm-pki-local/intermediate/set-signed',
|
||||
json={'certificate': 'MYPEM'})
|
||||
client_mock.write.assert_has_calls(write_calls)
|
||||
|
||||
@patch.object(vault_pki.vault, 'get_access_address')
|
||||
@patch.object(vault_pki.vault, 'get_local_client')
|
||||
def test_upload_signed_csr_ipv6(
|
||||
self, get_local_client, get_access_address
|
||||
):
|
||||
get_access_address.return_value = 'https://[::1]:8200'
|
||||
client_mock = mock.MagicMock()
|
||||
get_local_client.return_value = client_mock
|
||||
local_url = 'https://[::1]:8200/v1/charm-pki-local'
|
||||
write_calls = [
|
||||
mock.call(
|
||||
'charm-pki-local/config/urls',
|
||||
issuing_certificates='{}/ca'.format(local_url),
|
||||
crl_distribution_points='{}/crl'.format(local_url)),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
max_ttl='87598h',
|
||||
server_flag=True,
|
||||
client_flag=True),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local-client',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=True,
|
||||
enforce_hostnames=False,
|
||||
allow_any_name=True,
|
||||
max_ttl='87598h',
|
||||
server_flag=False,
|
||||
client_flag=True),
|
||||
]
|
||||
vault_pki.upload_signed_csr('MYPEM', 'example.com')
|
||||
client_mock._post.assert_called_once_with(
|
||||
'v1/charm-pki-local/intermediate/set-signed',
|
||||
json={'certificate': 'MYPEM'})
|
||||
|
@ -272,7 +350,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
crl_distribution_points='{}/crl'.format(local_url)),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local',
|
||||
allowed_domains='exmaple.com',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=False,
|
||||
enforce_hostnames=True,
|
||||
allow_any_name=False,
|
||||
|
@ -281,7 +359,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
client_flag=True),
|
||||
mock.call(
|
||||
'charm-pki-local/roles/local-client',
|
||||
allowed_domains='exmaple.com',
|
||||
allowed_domains='example.com',
|
||||
allow_subdomains=False,
|
||||
enforce_hostnames=True,
|
||||
allow_any_name=False,
|
||||
|
@ -291,7 +369,7 @@ class TestLibCharmVaultPKI(unit_tests.test_utils.CharmTestCase):
|
|||
]
|
||||
vault_pki.upload_signed_csr(
|
||||
'MYPEM',
|
||||
'exmaple.com',
|
||||
'example.com',
|
||||
allow_subdomains=False,
|
||||
enforce_hostnames=True,
|
||||
allow_any_name=False,
|
||||
|
|
Loading…
Reference in New Issue