Configure TLS on config-changed events

Ensure that TLS is potentially reconfigured in the event of a config-changed hook execution - ssl_* configuration options may have been changed so certs, keys and CA files on disk will need to be updated. Change-Id: I00d2eb16714785b15e13b196ea12716dc8a5b527 Related-Bug: 1865842 Co-Authored-By: James Page <james.page@ubuntu.com>
2020-09-21 09:39:08 +03:00 · 2020-09-21 09:39:08 +03:00 · 69eb753b02
parent d0d3e2b1ea
commit 69eb753b02
2 changed files with 20 additions and 0 deletions
--- a/charms_openstack/charm/classes.py
+++ b/charms_openstack/charm/classes.py
@ -428,6 +428,10 @@ class OpenStackCharm(BaseOpenStackCharm,
    def config_defined_ssl_ca(self):
        return self._get_b64decode_for('ssl_ca')

+    def config_changed(self):
+        tls = reactive.endpoint_from_flag('certificates.available')
+        self.configure_tls(certificates_interface=tls)
+
    def configure_ssl(self, keystone_interface=None):
        """DEPRECATED Configure SSL certificates and keys.

--- a/unit_tests/charms_openstack/charm/test_classes.py
+++ b/unit_tests/charms_openstack/charm/test_classes.py
@ -510,6 +510,22 @@ class TestMyOpenStackCharm(BaseOpenStackCharmTest):
                'w')
            mock_file.write.assert_called_with('rabbit_cert')

+    def test_config_changed(self):
+        self.patch_target('configure_tls')
+        self.target.config_changed()
+        self.configure_tls.assert_called_once_with(certificates_interface=None)
+
+        self.configure_tls.reset_mock()
+        ep_mock = mock.MagicMock()
+        self.patch_object(
+            chm.reactive,
+            'endpoint_from_flag',
+            return_value=ep_mock)
+        self.patch_target('configure_tls')
+        self.target.config_changed()
+        self.target.configure_tls.assert_called_once_with(
+            certificates_interface=ep_mock)
+
    def test_configure_tls(self):
        tls_objs = [
            {