Merge "Enable MySQL DB TLS Communication"
commit
56ad2e6c5e
|
@ -225,6 +225,11 @@ def configure_vault_mysql(mysql):
|
|||
'storage_name': 'mysql',
|
||||
'mysql_db_relation': mysql,
|
||||
}
|
||||
if mysql.ssl_ca():
|
||||
_db_tls_ca_file = "/var/snap/vault/common/db-tls-ca.pem"
|
||||
_db_tls_ca = base64.decodebytes(mysql.ssl_ca().encode())
|
||||
write_file(_db_tls_ca_file, _db_tls_ca, perms=0o600)
|
||||
context["tls_ca_file"] = _db_tls_ca_file
|
||||
configure_vault(context)
|
||||
|
||||
|
||||
|
|
|
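Review bot: TLS to MySQL is turned on only when the relation happens to publish a CA; when `mysql.ssl_ca()` is empty the new branch is skipped silently, `tls_ca_file` is left out of the context, and any `db-tls-ca.pem` written by an earlier run stays on disk unused. Nothing in the hunk records that fallback, so I would add an `else` branch carrying `# no CA on the relation: Vault connects to MySQL without TLS` and surface the same fact in a log or status message. The value is also read from the relation twice and decoded with no check that the result is a PEM certificate; binding it once with `ssl_ca = mysql.ssl_ca()` keeps the truthiness test and the decode on the same data. `configure_vault_mysql` starts above the hunk, so earlier handling may exist that is not visible here.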
@ -18,6 +18,9 @@ storage "mysql" {
|
|||
database = "{{ mysql_db_relation.database() }}"
|
||||
address = "{{ mysql_db_relation.db_host() }}:3306"
|
||||
max_connection_lifetime = "3600"
|
||||
{%- if tls_ca_file %}
|
||||
tls_ca_file = "{{ tls_ca_file }}"
|
||||
{%- endif %}
|
||||
}
|
||||
{%- endif %}
|
||||
{%- if etcd_conn %}
|
||||
|
|
|
@ -180,6 +180,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
@patch.object(handlers, 'configure_vault')
|
||||
def test_configure_vault_msql(self, configure_vault):
|
||||
mysql = mock.MagicMock()
|
||||
mysql.ssl_ca.return_value = None
|
||||
mysql.allowed_units.return_value = ['vault/0']
|
||||
self.local_unit.return_value = 'vault/0'
|
||||
handlers.configure_vault_mysql(mysql)
|
||||
|
@ -187,6 +188,28 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
'storage_name': 'mysql',
|
||||
'mysql_db_relation': mysql})
|
||||
|
||||
@patch.object(handlers, 'base64')
|
||||
@patch.object(handlers, 'write_file')
|
||||
@patch.object(handlers, 'configure_vault')
|
||||
def test_configure_vault_msql_tls(
|
||||
self, configure_vault, write_file, base64):
|
||||
_cert = "Certificate Authority"
|
||||
mysql = mock.MagicMock()
|
||||
mysql.ssl_ca.return_value = _cert
|
||||
mysql.allowed_units.return_value = ['vault/0']
|
||||
self.local_unit.return_value = 'vault/0'
|
||||
_base64encoded = "Base64 Encoded"
|
||||
base64.decodebytes.return_value = _base64encoded
|
||||
handlers.configure_vault_mysql(mysql)
|
||||
write_file.assert_called_once_with(
|
||||
"/var/snap/vault/common/db-tls-ca.pem",
|
||||
_base64encoded,
|
||||
perms=0o600)
|
||||
configure_vault.assert_called_once_with({
|
||||
'storage_name': 'mysql',
|
||||
'mysql_db_relation': mysql,
|
||||
'tls_ca_file': '/var/snap/vault/common/db-tls-ca.pem'})
|
||||
|
||||
@patch.object(handlers, 'configure_vault')
|
||||
def test_configure_vault_msql_noacl(self, configure_vault):
|
||||
mysql = mock.MagicMock()
|
||||
|
|
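Review bot: `test_configure_vault_msql_tls` replaces the whole `base64` module with a mock and never checks how it was called, so the handler's `.encode()` and decode step is not covered; a handler that passed the wrong value to `decodebytes` would still pass. Adding `base64.decodebytes.assert_called_once_with(_cert.encode())` after the handler call pins that. The local `_base64encoded` holds the mocked return of `decodebytes`, which is the decoded value, so a name such as `_decoded_ca` would read correctly. There is also no case for a CA that was written once and then disappears from the relation; the first hunk only sets `ssl_ca.return_value = None` on a fresh mock.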