Config the some certificate options
Allow the following options to be configured OPENSTACK_SSL_NO_VERIFY OPENSTACK_SSL_CACERT Closes-Bug: #1372723 Change-Id: Ic4a612a899753198d1c09f5b5b78ca94d920d687
This commit is contained in:
parent
0a2cf2e414
commit
614103b253
|
@ -10,6 +10,7 @@ This file is used to list changes made in each version of the openstack-dashboar
|
|||
* Add optional section support for local_settings template
|
||||
* Update local_settings from 0644 to 0640
|
||||
* Fix python-ibm-db-django package polluting common package attribute
|
||||
* Allow some ceitificate options to be configured
|
||||
|
||||
## 9.1
|
||||
* python_packages database client attributes have been moved to the -common cookbook
|
||||
|
|
|
@ -47,6 +47,8 @@ Attributes
|
|||
* `openstack['dashboard']['http_port']` - Port that httpd should listen on (default: 80)
|
||||
* `openstack['dashboard']['https_port']` - Port that httpd should listen on for using ssl (default: 443)
|
||||
* `openstack['dashboard']['password_autocomplete']` - Toggle browser autocompletion for login form ('on' or 'off', default: 'on')
|
||||
* `openstack['dashboard']['ssl_no_verify']` - Disable SSL certificate checks (useful for self-signed certificates)
|
||||
* `openstack['dashboard']['ssl_cacert']` - The CA certificate to use to verify SSL connections
|
||||
* `openstack['dashboard']['misc_local_settings']` - Additions to the local_settings conf file
|
||||
|
||||
Identity
|
||||
|
|
|
@ -60,6 +60,9 @@ default['openstack']['dashboard']['https_port'] = 443
|
|||
|
||||
default['openstack']['dashboard']['secret_key_content'] = nil
|
||||
|
||||
default['openstack']['dashboard']['ssl_no_verify'] = 'True'
|
||||
default['openstack']['dashboard']['ssl_cacert'] = nil
|
||||
|
||||
default['openstack']['dashboard']['webroot'] = '/'
|
||||
|
||||
# Dashboard specific database packages
|
||||
|
|
|
@ -158,6 +158,29 @@ describe 'openstack-dashboard::server' do
|
|||
end
|
||||
end
|
||||
|
||||
context 'config ssl_no_verify' do
|
||||
context 'set to the default value' do
|
||||
it 'has a True value for the OPENSTACK_SSL_NO_VERIFY attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = True$/)
|
||||
end
|
||||
end
|
||||
|
||||
context 'set to False' do
|
||||
before do
|
||||
node.set['openstack']['dashboard']['ssl_no_verify'] = 'False'
|
||||
end
|
||||
|
||||
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'config ssl_cacert' do
|
||||
node.set['openstack']['dashboard']['ssl_cacert'] = '/path_to_cacert.pem'
|
||||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_CACERT = '\/path_to_cacert.pem'$/)
|
||||
end
|
||||
|
||||
it 'has some allowed hosts set' do
|
||||
node.set['openstack']['dashboard']['allowed_hosts'] = ['dashboard.example.net']
|
||||
expect(chef_run).to render_file(file.name).with_content(/^ALLOWED_HOSTS = \["dashboard.example.net"\]$/)
|
||||
|
|
|
@ -161,9 +161,13 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= node["openstack"]["dashboard"]["keystone_
|
|||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
# OPENSTACK_SSL_NO_VERIFY = True
|
||||
OPENSTACK_SSL_NO_VERIFY = <%= node['openstack']['dashboard']['ssl_no_verify'] %>
|
||||
|
||||
# The CA certificate to use to verify SSL connections
|
||||
# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
|
||||
<% if node['openstack']['dashboard']['ssl_cacert'] %>
|
||||
OPENSTACK_SSL_CACERT = '<%= node['openstack']['dashboard']['ssl_cacert'] %>'
|
||||
<% end %>
|
||||
|
||||
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
|
||||
# capabilities of the auth backend for Keystone.
|
||||
|
|
Loading…
Reference in New Issue