Properly set SSL cert paths when disabling certs databag
This fixes an oversight in a previous patch when disabling the certs databag. It would improperly not set the cert paths at all in the apache vhost config. This fixes it and also adds an addition test that should have caught it originally. Change-Id: I7726c949791658a750b9c382107f01e0a112247c
This commit is contained in:
parent
2685178b69
commit
796945e658
|
@ -77,15 +77,15 @@ end
|
|||
if node['openstack']['dashboard']['ssl']['use_data_bag']
|
||||
ssl_cert = secret('certs', node['openstack']['dashboard']['ssl']['cert'])
|
||||
ssl_key = secret('certs', node['openstack']['dashboard']['ssl']['key'])
|
||||
ssl_cert_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['cert'])
|
||||
ssl_key_file = File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
|
||||
if node['openstack']['dashboard']['ssl']['chain']
|
||||
ssl_chain = secret('certs', node['openstack']['dashboard']['ssl']['chain'])
|
||||
ssl_chain_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['chain'])
|
||||
else
|
||||
ssl_chain_file = nil
|
||||
end
|
||||
end
|
||||
ssl_cert_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['cert'])
|
||||
ssl_key_file = File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
|
||||
ssl_chain_file = if node['openstack']['dashboard']['ssl']['chain']
|
||||
File.join(node['openstack']['dashboard']['ssl']['cert_dir'], node['openstack']['dashboard']['ssl']['chain'])
|
||||
end
|
||||
|
||||
if node['openstack']['dashboard']['use_ssl'] &&
|
||||
node['openstack']['dashboard']['ssl']['use_data_bag']
|
||||
|
|
|
@ -314,6 +314,27 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
.with_content(%r{^\s*SSLCertificateChainFile /etc/ssl/certs/horizon-chain.pem$})
|
||||
end
|
||||
end
|
||||
context 'set use_data_bag to false' do
|
||||
it 'shows ssl certificate related directives defaults' do
|
||||
node.set['openstack']['dashboard']['ssl']['use_data_bag'] = false
|
||||
[/^\s*SSLEngine on$/,
|
||||
%r{^\s*SSLCertificateFile /etc/ssl/certs/horizon.pem$},
|
||||
%r{^\s*SSLCertificateKeyFile /etc/ssl/private/horizon.key$},
|
||||
/^\s*SSLProtocol All -SSLv2 -SSLv3$/].each do |ssl_certificate_directive|
|
||||
expect(chef_run).to render_file(file.name).with_content(ssl_certificate_directive)
|
||||
end
|
||||
expect(chef_run).to_not render_file(file.name)
|
||||
.with_content(/SSLCertificateChainFile/)
|
||||
end
|
||||
context 'set ssl chain' do
|
||||
it 'shows chain directive' do
|
||||
node.set['openstack']['dashboard']['ssl']['use_data_bag'] = false
|
||||
node.set['openstack']['dashboard']['ssl']['chain'] = 'horizon-chain.pem'
|
||||
expect(chef_run).to render_file(file.name)
|
||||
.with_content(%r{^\s*SSLCertificateChainFile /etc/ssl/certs/horizon-chain.pem$})
|
||||
end
|
||||
end
|
||||
end
|
||||
it 'has no ssl ciphers configured by default' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^\s*SSLCipherSuite.*$/)
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue