From f3663d54a01c155559a0ae0d4434ff5cd7f7f9a1 Mon Sep 17 00:00:00 2001
From: Stanislaw Bogatkin <sbogatkin@mirantis.com>
Date: Tue, 22 Dec 2015 18:20:59 +0300
Subject: [PATCH] Change way to pull fields for TLS certificates

Change-Id: Ibc55d98ffc8b8464fd4ca4cdce622ceb1b8a6758
Closes-Bug: #1528606
---
 .../modular/ssl/ssl_keys_saving.pp            |  8 +-
 ...vlan.ceph.ceil-compute.overridden_ssl.yaml | 96 ++++++++++++-------
 ...eil-primary-controller.overridden_ssl.yaml | 96 ++++++++++++-------
 .../neut_vlan.compute.ssl.overridden.yaml     | 96 ++++++++++++-------
 ...ara-primary-controller.overridden_ssl.yaml | 96 ++++++++++++-------
 .../spec/hosts/ssl/ssl_keys_saving_spec.rb    |  4 +-
 6 files changed, 262 insertions(+), 134 deletions(-)

diff --git a/deployment/puppet/osnailyfacter/modular/ssl/ssl_keys_saving.pp b/deployment/puppet/osnailyfacter/modular/ssl/ssl_keys_saving.pp
index 6e1eefb813..da70a6fb30 100644
--- a/deployment/puppet/osnailyfacter/modular/ssl/ssl_keys_saving.pp
+++ b/deployment/puppet/osnailyfacter/modular/ssl/ssl_keys_saving.pp
@@ -2,7 +2,7 @@ notice('MODULAR: ssl_keys_saving.pp')
 
 $public_ssl_hash = hiera_hash('public_ssl')
 $ssl_hash = hiera_hash('use_ssl', {})
-$pub_certificate_content = $public_ssl_hash['cert_data']['content']
+$pub_certificate_content = try_get_value($public_ssl_hash, 'cert_data/content', "")
 $base_path = "/etc/pki/tls/certs"
 $pki_path = [ "/etc/pki", "/etc/pki/tls" ]
 $astute_base_path = "/var/lib/astute/haproxy"
@@ -27,13 +27,13 @@ define cert_file (
 
   $public_service = try_get_value($ssl_hash, "${service}_public", false)
   $public_usercert = try_get_value($ssl_hash, "${service}_public_usercert", false)
-  $public_certdata = try_get_value($ssl_hash, "${service}_public_certdata", "")
+  $public_certdata = try_get_value($ssl_hash, "${service}_public_certdata/content", "")
   $internal_service = try_get_value($ssl_hash, "${service}_internal", false)
   $internal_usercert = try_get_value($ssl_hash, "${service}_internal_usercert", false)
-  $internal_certdata = try_get_value($ssl_hash, "${service}_internal_certdata", "")
+  $internal_certdata = try_get_value($ssl_hash, "${service}_internal_certdata/content", "")
   $admin_service = try_get_value($ssl_hash, "${service}_admin", false)
   $admin_usercert = try_get_value($ssl_hash, "${service}_admin_usercert", false)
-  $admin_certdata = try_get_value($ssl_hash, "${service}_admin_certdata", "")
+  $admin_certdata = try_get_value($ssl_hash, "${service}_admin_certdata/content", "")
 
   if $ssl_hash["${service}"] {
     if $public_service and $public_usercert and !empty($public_certdata) {
diff --git a/tests/noop/astute.yaml/neut_vlan.ceph.ceil-compute.overridden_ssl.yaml b/tests/noop/astute.yaml/neut_vlan.ceph.ceil-compute.overridden_ssl.yaml
index ada804934a..7bc0396704 100644
--- a/tests/noop/astute.yaml/neut_vlan.ceph.ceil-compute.overridden_ssl.yaml
+++ b/tests/noop/astute.yaml/neut_vlan.ceph.ceil-compute.overridden_ssl.yaml
@@ -62,145 +62,177 @@ use_ssl:
   horizon_public: true
   horizon_public_hostname: 'horizon.public.fuel.local'
   horizon_public_usercert: true
-  horizon_public_certdata: 'somethinglikeacertificateforhorizon'
+  horizon_public_certdata:
+    content: 'somethinglikeacertificateforhorizon'
   keystone: true
   keystone_public: true
   keystone_public_ip: '10.10.10.10'
   keystone_public_hostname: 'keystone.public.fuel.local'
   keystone_public_usercert: true
-  keystone_public_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_public_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_internal: true
   keystone_internal_ip: '20.20.20.20'
   keystone_internal_hostname: 'keystone.internal.fuel.local'
   keystone_internal_usercert: true
-  keystone_internal_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_internal_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_admin: true
   keystone_admin_ip: '30.30.30.30'
   keystone_admin_hostname: 'keystone.admin.fuel.local'
   keystone_admin_usercert: true
-  keystone_admin_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_admin_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   nova: true
   nova_public: true
   nova_public_hostname: 'nova.public.fuel.local'
   nova_public_usercert: true
-  nova_public_certdata: 'somethinglikeacertificatefornova'
+  nova_public_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_internal: true
   nova_internal_hostname: 'nova.internal.fuel.local'
   nova_internal_usercert: true
-  nova_internal_certdata: 'somethinglikeacertificatefornova'
+  nova_internal_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_admin: true
   nova_admin_hostname: 'nova.admin.fuel.local'
   nova_admin_usercert: true
-  nova_admin_certdata: 'somethinglikeacertificatefornova'
+  nova_admin_certdata:
+    content: 'somethinglikeacertificatefornova'
   heat: true
   heat_public: true
   heat_public_hostname: 'heat.public.fuel.local'
   heat_public_usercert: true
-  heat_public_certdata: 'somethinglikeacertificateforheat'
+  heat_public_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_internal: true
   heat_internal_hostname: 'heat.internal.fuel.local'
   heat_internal_usercert: true
-  heat_internal_certdata: 'somethinglikeacertificateforheat'
+  heat_internal_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_admin: true
   heat_admin_hostname: 'heat.admin.fuel.local'
   heat_admin_usercert: true
-  heat_admin_certdata: 'somethinglikeacertificateforheat'
+  heat_admin_certdata:
+    content: 'somethinglikeacertificateforheat'
   glance: true
   glance_public: true
   glance_public_hostname: 'glance.public.fuel.local'
   glance_public_usercert: true
-  glance_public_certdata: 'somethinglikeacertificateforglance'
+  glance_public_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_internal: true
   glance_internal_hostname: 'glance.internal.fuel.local'
   glance_internal_usercert: true
-  glance_internal_certdata: 'somethinglikeacertificateforglance'
+  glance_internal_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_admin: true
   glance_admin_hostname: 'glance.admin.fuel.local'
   glance_admin_usercert: true
-  glance_admin_certdata: 'somethinglikeacertificateforglance'
+  glance_admin_certdata:
+    content: 'somethinglikeacertificateforglance'
   cinder: true
   cinder_public: true
   cinder_public_hostname: 'cinder.public.fuel.local'
   cinder_public_usercert: true
-  cinder_public_certdata: 'somethinglikeacertificateforcinder'
+  cinder_public_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_internal: true
   cinder_internal_hostname: 'cinder.internal.fuel.local'
   cinder_internal_usercert: true
-  cinder_internal_certdata: 'somethinglikeacertificateforcinder'
+  cinder_internal_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_admin: true
   cinder_admin_hostname: 'cinder.admin.fuel.local'
   cinder_admin_usercert: true
-  cinder_admin_certdata: 'somethinglikeacertificateforcinder'
+  cinder_admin_certdata:
+    content: 'somethinglikeacertificateforcinder'
   neutron: true
   neutron_public: true
   neutron_public_hostname: 'neutron.public.fuel.local'
   neutron_public_usercert: true
-  neutron_public_certdata: 'somethinglikeacertificateforneutron'
+  neutron_public_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_internal: true
   neutron_internal_hostname: 'neutron.internal.fuel.local'
   neutron_internal_usercert: true
-  neutron_internal_certdata: 'somethinglikeacertificateforneutron'
+  neutron_internal_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_admin: true
   neutron_admin_hostname: 'neutron.admin.fuel.local'
   neutron_admin_usercert: true
-  neutron_admin_certdata: 'somethinglikeacertificateforneutron'
+  neutron_admin_certdata:
+    content: 'somethinglikeacertificateforneutron'
   swift: true
   swift_public: true
   swift_public_hostname: 'swift.public.fuel.local'
   swift_public_usercert: true
-  swift_public_certdata: 'somethinglikeacertificateforswift'
+  swift_public_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_internal: true
   swift_internal_hostname: 'swift.internal.fuel.local'
   swift_internal_usercert: true
-  swift_internal_certdata: 'somethinglikeacertificateforswift'
+  swift_internal_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_admin: true
   swift_admin_hostname: 'swift.admin.fuel.local'
   swift_admin_usercert: true
-  swift_admin_certdata: 'somethinglikeacertificateforswift'
+  swift_admin_certdata:
+    content: 'somethinglikeacertificateforswift'
   sahara: true
   sahara_public: true
   sahara_public_hostname: 'sahara.public.fuel.local'
   sahara_public_usercert: true
-  sahara_public_certdata: 'somethinglikeacertificateforsahara'
+  sahara_public_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_internal: true
   sahara_internal_hostname: 'sahara.internal.fuel.local'
   sahara_internal_usercert: true
-  sahara_internal_certdata: 'somethinglikeacertificateforsahara'
+  sahara_internal_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_admin: true
   sahara_admin_hostname: 'sahara.admin.fuel.local'
   sahara_admin_usercert: true
-  sahara_admin_certdata: 'somethinglikeacertificateforsahara'
+  sahara_admin_certdata:
+    content: 'somethinglikeacertificateforsahara'
   murano: true
   murano_public: true
   murano_public_hostname: 'murano.public.fuel.local'
   murano_public_usercert: true
-  murano_public_certdata: 'somethinglikeacertificateformurano'
+  murano_public_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_internal: true
   murano_internal_hostname: 'murano.internal.fuel.local'
   murano_internal_usercert: true
-  murano_internal_certdata: 'somethinglikeacertificateformurano'
+  murano_internal_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_admin: true
   murano_admin_hostname: 'murano.admin.fuel.local'
   murano_admin_usercert: true
-  murano_admin_certdata: 'somethinglikeacertificateformurano'
+  murano_admin_certdata:
+    content: 'somethinglikeacertificateformurano'
   ceilometer: true
   ceilometer_public: true
   ceilometer_public_hostname: 'ceilometer.public.fuel.local'
   ceilometer_public_usercert: true
-  ceilometer_public_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_public_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_internal: true
   ceilometer_internal_hostname: 'ceilometer.internal.fuel.local'
   ceilometer_internal_usercert: true
-  ceilometer_internal_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_internal_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_admin: true
   ceilometer_admin_hostname: 'ceilometer.admin.fuel.local'
   ceilometer_admin_usercert: true
-  ceilometer_admin_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_admin_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   radosgw: true
   radosgw_public: true
   radosgw_public_hostname: 'radosgw.public.fuel.local'
   radosgw_public_usercert: true
-  radosgw_public_certdata: 'somethinglikeacertificateforradosgw'
+  radosgw_public_certdata:
+    content: 'somethinglikeacertificateforradosgw'
 public_ssl:
   metadata:
     label: Public TLS
diff --git a/tests/noop/astute.yaml/neut_vlan.ceph.ceil-primary-controller.overridden_ssl.yaml b/tests/noop/astute.yaml/neut_vlan.ceph.ceil-primary-controller.overridden_ssl.yaml
index feabcc7530..0ca9212cbc 100644
--- a/tests/noop/astute.yaml/neut_vlan.ceph.ceil-primary-controller.overridden_ssl.yaml
+++ b/tests/noop/astute.yaml/neut_vlan.ceph.ceil-primary-controller.overridden_ssl.yaml
@@ -62,145 +62,177 @@ use_ssl:
   horizon_public: true
   horizon_public_hostname: 'horizon.public.fuel.local'
   horizon_public_usercert: true
-  horizon_public_certdata: 'somethinglikeacertificateforhorizon'
+  horizon_public_certdata:
+    content: 'somethinglikeacertificateforhorizon'
   keystone: true
   keystone_public: true
   keystone_public_ip: '10.10.10.10'
   keystone_public_hostname: 'keystone.public.fuel.local'
   keystone_public_usercert: true
-  keystone_public_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_public_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_internal: true
   keystone_internal_ip: '20.20.20.20'
   keystone_internal_hostname: 'keystone.internal.fuel.local'
   keystone_internal_usercert: true
-  keystone_internal_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_internal_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_admin: true
   keystone_admin_ip: '30.30.30.30'
   keystone_admin_hostname: 'keystone.admin.fuel.local'
   keystone_admin_usercert: true
-  keystone_admin_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_admin_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   nova: true
   nova_public: true
   nova_public_hostname: 'nova.public.fuel.local'
   nova_public_usercert: true
-  nova_public_certdata: 'somethinglikeacertificatefornova'
+  nova_public_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_internal: true
   nova_internal_hostname: 'nova.internal.fuel.local'
   nova_internal_usercert: true
-  nova_internal_certdata: 'somethinglikeacertificatefornova'
+  nova_internal_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_admin: true
   nova_admin_hostname: 'nova.admin.fuel.local'
   nova_admin_usercert: true
-  nova_admin_certdata: 'somethinglikeacertificatefornova'
+  nova_admin_certdata:
+    content: 'somethinglikeacertificatefornova'
   heat: true
   heat_public: true
   heat_public_hostname: 'heat.public.fuel.local'
   heat_public_usercert: true
-  heat_public_certdata: 'somethinglikeacertificateforheat'
+  heat_public_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_internal: true
   heat_internal_hostname: 'heat.internal.fuel.local'
   heat_internal_usercert: true
-  heat_internal_certdata: 'somethinglikeacertificateforheat'
+  heat_internal_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_admin: true
   heat_admin_hostname: 'heat.admin.fuel.local'
   heat_admin_usercert: true
-  heat_admin_certdata: 'somethinglikeacertificateforheat'
+  heat_admin_certdata:
+    content: 'somethinglikeacertificateforheat'
   glance: true
   glance_public: true
   glance_public_hostname: 'glance.public.fuel.local'
   glance_public_usercert: true
-  glance_public_certdata: 'somethinglikeacertificateforglance'
+  glance_public_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_internal: true
   glance_internal_hostname: 'glance.internal.fuel.local'
   glance_internal_usercert: true
-  glance_internal_certdata: 'somethinglikeacertificateforglance'
+  glance_internal_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_admin: true
   glance_admin_hostname: 'glance.admin.fuel.local'
   glance_admin_usercert: true
-  glance_admin_certdata: 'somethinglikeacertificateforglance'
+  glance_admin_certdata:
+    content: 'somethinglikeacertificateforglance'
   cinder: true
   cinder_public: true
   cinder_public_hostname: 'cinder.public.fuel.local'
   cinder_public_usercert: true
-  cinder_public_certdata: 'somethinglikeacertificateforcinder'
+  cinder_public_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_internal: true
   cinder_internal_hostname: 'cinder.internal.fuel.local'
   cinder_internal_usercert: true
-  cinder_internal_certdata: 'somethinglikeacertificateforcinder'
+  cinder_internal_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_admin: true
   cinder_admin_hostname: 'cinder.admin.fuel.local'
   cinder_admin_usercert: true
-  cinder_admin_certdata: 'somethinglikeacertificateforcinder'
+  cinder_admin_certdata:
+    content: 'somethinglikeacertificateforcinder'
   neutron: true
   neutron_public: true
   neutron_public_hostname: 'neutron.public.fuel.local'
   neutron_public_usercert: true
-  neutron_public_certdata: 'somethinglikeacertificateforneutron'
+  neutron_public_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_internal: true
   neutron_internal_hostname: 'neutron.internal.fuel.local'
   neutron_internal_usercert: true
-  neutron_internal_certdata: 'somethinglikeacertificateforneutron'
+  neutron_internal_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_admin: true
   neutron_admin_hostname: 'neutron.admin.fuel.local'
   neutron_admin_usercert: true
-  neutron_admin_certdata: 'somethinglikeacertificateforneutron'
+  neutron_admin_certdata:
+    content: 'somethinglikeacertificateforneutron'
   swift: true
   swift_public: true
   swift_public_hostname: 'swift.public.fuel.local'
   swift_public_usercert: true
-  swift_public_certdata: 'somethinglikeacertificateforswift'
+  swift_public_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_internal: true
   swift_internal_hostname: 'swift.internal.fuel.local'
   swift_internal_usercert: true
-  swift_internal_certdata: 'somethinglikeacertificateforswift'
+  swift_internal_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_admin: true
   swift_admin_hostname: 'swift.admin.fuel.local'
   swift_admin_usercert: true
-  swift_admin_certdata: 'somethinglikeacertificateforswift'
+  swift_admin_certdata:
+    content: 'somethinglikeacertificateforswift'
   sahara: true
   sahara_public: true
   sahara_public_hostname: 'sahara.public.fuel.local'
   sahara_public_usercert: true
-  sahara_public_certdata: 'somethinglikeacertificateforsahara'
+  sahara_public_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_internal: true
   sahara_internal_hostname: 'sahara.internal.fuel.local'
   sahara_internal_usercert: true
-  sahara_internal_certdata: 'somethinglikeacertificateforsahara'
+  sahara_internal_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_admin: true
   sahara_admin_hostname: 'sahara.admin.fuel.local'
   sahara_admin_usercert: true
-  sahara_admin_certdata: 'somethinglikeacertificateforsahara'
+  sahara_admin_certdata:
+    content: 'somethinglikeacertificateforsahara'
   murano: true
   murano_public: true
   murano_public_hostname: 'murano.public.fuel.local'
   murano_public_usercert: true
-  murano_public_certdata: 'somethinglikeacertificateformurano'
+  murano_public_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_internal: true
   murano_internal_hostname: 'murano.internal.fuel.local'
   murano_internal_usercert: true
-  murano_internal_certdata: 'somethinglikeacertificateformurano'
+  murano_internal_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_admin: true
   murano_admin_hostname: 'murano.admin.fuel.local'
   murano_admin_usercert: true
-  murano_admin_certdata: 'somethinglikeacertificateformurano'
+  murano_admin_certdata:
+    content: 'somethinglikeacertificateformurano'
   ceilometer: true
   ceilometer_public: true
   ceilometer_public_hostname: 'ceilometer.public.fuel.local'
   ceilometer_public_usercert: true
-  ceilometer_public_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_public_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_internal: true
   ceilometer_internal_hostname: 'ceilometer.internal.fuel.local'
   ceilometer_internal_usercert: true
-  ceilometer_internal_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_internal_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_admin: true
   ceilometer_admin_hostname: 'ceilometer.admin.fuel.local'
   ceilometer_admin_usercert: true
-  ceilometer_admin_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_admin_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   radosgw: true
   radosgw_public: true
   radosgw_public_hostname: 'radosgw.public.fuel.local'
   radosgw_public_usercert: true
-  radosgw_public_certdata: 'somethinglikeacertificateforradosgw'
+  radosgw_public_certdata:
+    content: 'somethinglikeacertificateforradosgw'
 public_ssl:
   metadata:
     label: Public TLS
diff --git a/tests/noop/astute.yaml/neut_vlan.compute.ssl.overridden.yaml b/tests/noop/astute.yaml/neut_vlan.compute.ssl.overridden.yaml
index 4c40dde2e9..12b87ff585 100644
--- a/tests/noop/astute.yaml/neut_vlan.compute.ssl.overridden.yaml
+++ b/tests/noop/astute.yaml/neut_vlan.compute.ssl.overridden.yaml
@@ -866,145 +866,177 @@ use_ssl:
   horizon_public: true
   horizon_public_hostname: 'horizon.public.fuel.local'
   horizon_public_usercert: true
-  horizon_public_certdata: 'somethinglikeacertificateforhorizon'
+  horizon_public_certdata:
+    content: 'somethinglikeacertificateforhorizon'
   keystone: true
   keystone_public: true
   keystone_public_ip: '10.10.10.10'
   keystone_public_hostname: 'keystone.public.fuel.local'
   keystone_public_usercert: true
-  keystone_public_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_public_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_internal: true
   keystone_internal_ip: '20.20.20.20'
   keystone_internal_hostname: 'keystone.internal.fuel.local'
   keystone_internal_usercert: true
-  keystone_internal_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_internal_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_admin: true
   keystone_admin_ip: '30.30.30.30'
   keystone_admin_hostname: 'keystone.admin.fuel.local'
   keystone_admin_usercert: true
-  keystone_admin_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_admin_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   nova: true
   nova_public: true
   nova_public_hostname: 'nova.public.fuel.local'
   nova_public_usercert: true
-  nova_public_certdata: 'somethinglikeacertificatefornova'
+  nova_public_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_internal: true
   nova_internal_hostname: 'nova.internal.fuel.local'
   nova_internal_usercert: true
-  nova_internal_certdata: 'somethinglikeacertificatefornova'
+  nova_internal_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_admin: true
   nova_admin_hostname: 'nova.admin.fuel.local'
   nova_admin_usercert: true
-  nova_admin_certdata: 'somethinglikeacertificatefornova'
+  nova_admin_certdata:
+    content: 'somethinglikeacertificatefornova'
   heat: true
   heat_public: true
   heat_public_hostname: 'heat.public.fuel.local'
   heat_public_usercert: true
-  heat_public_certdata: 'somethinglikeacertificateforheat'
+  heat_public_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_internal: true
   heat_internal_hostname: 'heat.internal.fuel.local'
   heat_internal_usercert: true
-  heat_internal_certdata: 'somethinglikeacertificateforheat'
+  heat_internal_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_admin: true
   heat_admin_hostname: 'heat.admin.fuel.local'
   heat_admin_usercert: true
-  heat_admin_certdata: 'somethinglikeacertificateforheat'
+  heat_admin_certdata:
+    content: 'somethinglikeacertificateforheat'
   glance: true
   glance_public: true
   glance_public_hostname: 'glance.public.fuel.local'
   glance_public_usercert: true
-  glance_public_certdata: 'somethinglikeacertificateforglance'
+  glance_public_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_internal: true
   glance_internal_hostname: 'glance.internal.fuel.local'
   glance_internal_usercert: true
-  glance_internal_certdata: 'somethinglikeacertificateforglance'
+  glance_internal_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_admin: true
   glance_admin_hostname: 'glance.admin.fuel.local'
   glance_admin_usercert: true
-  glance_admin_certdata: 'somethinglikeacertificateforglance'
+  glance_admin_certdata:
+    content: 'somethinglikeacertificateforglance'
   cinder: true
   cinder_public: true
   cinder_public_hostname: 'cinder.public.fuel.local'
   cinder_public_usercert: true
-  cinder_public_certdata: 'somethinglikeacertificateforcinder'
+  cinder_public_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_internal: true
   cinder_internal_hostname: 'cinder.internal.fuel.local'
   cinder_internal_usercert: true
-  cinder_internal_certdata: 'somethinglikeacertificateforcinder'
+  cinder_internal_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_admin: true
   cinder_admin_hostname: 'cinder.admin.fuel.local'
   cinder_admin_usercert: true
-  cinder_admin_certdata: 'somethinglikeacertificateforcinder'
+  cinder_admin_certdata:
+    content: 'somethinglikeacertificateforcinder'
   neutron: true
   neutron_public: true
   neutron_public_hostname: 'neutron.public.fuel.local'
   neutron_public_usercert: true
-  neutron_public_certdata: 'somethinglikeacertificateforneutron'
+  neutron_public_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_internal: true
   neutron_internal_hostname: 'neutron.internal.fuel.local'
   neutron_internal_usercert: true
-  neutron_internal_certdata: 'somethinglikeacertificateforneutron'
+  neutron_internal_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_admin: true
   neutron_admin_hostname: 'neutron.admin.fuel.local'
   neutron_admin_usercert: true
-  neutron_admin_certdata: 'somethinglikeacertificateforneutron'
+  neutron_admin_certdata:
+    content: 'somethinglikeacertificateforneutron'
   swift: true
   swift_public: true
   swift_public_hostname: 'swift.public.fuel.local'
   swift_public_usercert: true
-  swift_public_certdata: 'somethinglikeacertificateforswift'
+  swift_public_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_internal: true
   swift_internal_hostname: 'swift.internal.fuel.local'
   swift_internal_usercert: true
-  swift_internal_certdata: 'somethinglikeacertificateforswift'
+  swift_internal_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_admin: true
   swift_admin_hostname: 'swift.admin.fuel.local'
   swift_admin_usercert: true
-  swift_admin_certdata: 'somethinglikeacertificateforswift'
+  swift_admin_certdata:
+    content: 'somethinglikeacertificateforswift'
   sahara: true
   sahara_public: true
   sahara_public_hostname: 'sahara.public.fuel.local'
   sahara_public_usercert: true
-  sahara_public_certdata: 'somethinglikeacertificateforsahara'
+  sahara_public_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_internal: true
   sahara_internal_hostname: 'sahara.internal.fuel.local'
   sahara_internal_usercert: true
-  sahara_internal_certdata: 'somethinglikeacertificateforsahara'
+  sahara_internal_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_admin: true
   sahara_admin_hostname: 'sahara.admin.fuel.local'
   sahara_admin_usercert: true
-  sahara_admin_certdata: 'somethinglikeacertificateforsahara'
+  sahara_admin_certdata:
+    content: 'somethinglikeacertificateforsahara'
   murano: true
   murano_public: true
   murano_public_hostname: 'murano.public.fuel.local'
   murano_public_usercert: true
-  murano_public_certdata: 'somethinglikeacertificateformurano'
+  murano_public_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_internal: true
   murano_internal_hostname: 'murano.internal.fuel.local'
   murano_internal_usercert: true
-  murano_internal_certdata: 'somethinglikeacertificateformurano'
+  murano_internal_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_admin: true
   murano_admin_hostname: 'murano.admin.fuel.local'
   murano_admin_usercert: true
-  murano_admin_certdata: 'somethinglikeacertificateformurano'
+  murano_admin_certdata:
+    content: 'somethinglikeacertificateformurano'
   ceilometer: true
   ceilometer_public: true
   ceilometer_public_hostname: 'ceilometer.public.fuel.local'
   ceilometer_public_usercert: true
-  ceilometer_public_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_public_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_internal: true
   ceilometer_internal_hostname: 'ceilometer.internal.fuel.local'
   ceilometer_internal_usercert: true
-  ceilometer_internal_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_internal_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_admin: true
   ceilometer_admin_hostname: 'ceilometer.admin.fuel.local'
   ceilometer_admin_usercert: true
-  ceilometer_admin_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_admin_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   radosgw: true
   radosgw_public: true
   radosgw_public_hostname: 'radosgw.public.fuel.local'
   radosgw_public_usercert: true
-  radosgw_public_certdata: 'somethinglikeacertificateforradosgw'
+  radosgw_public_certdata:
+    content: 'somethinglikeacertificateforradosgw'
 public_ssl:
   hostname: public.fuel.local
   horizon: true
diff --git a/tests/noop/astute.yaml/neut_vxlan_dvr.murano.sahara-primary-controller.overridden_ssl.yaml b/tests/noop/astute.yaml/neut_vxlan_dvr.murano.sahara-primary-controller.overridden_ssl.yaml
index ad384fce40..3b1cccdee9 100644
--- a/tests/noop/astute.yaml/neut_vxlan_dvr.murano.sahara-primary-controller.overridden_ssl.yaml
+++ b/tests/noop/astute.yaml/neut_vxlan_dvr.murano.sahara-primary-controller.overridden_ssl.yaml
@@ -62,145 +62,177 @@ use_ssl:
   horizon_public: true
   horizon_public_hostname: 'horizon.public.fuel.local'
   horizon_public_usercert: true
-  horizon_public_certdata: 'somethinglikeacertificateforhorizon'
+  horizon_public_certdata:
+    content: 'somethinglikeacertificateforhorizon'
   keystone: true
   keystone_public: true
   keystone_public_ip: '10.10.10.10'
   keystone_public_hostname: 'keystone.public.fuel.local'
   keystone_public_usercert: true
-  keystone_public_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_public_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_internal: true
   keystone_internal_ip: '20.20.20.20'
   keystone_internal_hostname: 'keystone.internal.fuel.local'
   keystone_internal_usercert: true
-  keystone_internal_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_internal_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   keystone_admin: true
   keystone_admin_ip: '30.30.30.30'
   keystone_admin_hostname: 'keystone.admin.fuel.local'
   keystone_admin_usercert: true
-  keystone_admin_certdata: 'somethinglikeacertificateforkeystone'
+  keystone_admin_certdata:
+    content: 'somethinglikeacertificateforkeystone'
   nova: true
   nova_public: true
   nova_public_hostname: 'nova.public.fuel.local'
   nova_public_usercert: true
-  nova_public_certdata: 'somethinglikeacertificatefornova'
+  nova_public_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_internal: true
   nova_internal_hostname: 'nova.internal.fuel.local'
   nova_internal_usercert: true
-  nova_internal_certdata: 'somethinglikeacertificatefornova'
+  nova_internal_certdata:
+    content: 'somethinglikeacertificatefornova'
   nova_admin: true
   nova_admin_hostname: 'nova.admin.fuel.local'
   nova_admin_usercert: true
-  nova_admin_certdata: 'somethinglikeacertificatefornova'
+  nova_admin_certdata:
+    content: 'somethinglikeacertificatefornova'
   heat: true
   heat_public: true
   heat_public_hostname: 'heat.public.fuel.local'
   heat_public_usercert: true
-  heat_public_certdata: 'somethinglikeacertificateforheat'
+  heat_public_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_internal: true
   heat_internal_hostname: 'heat.internal.fuel.local'
   heat_internal_usercert: true
-  heat_internal_certdata: 'somethinglikeacertificateforheat'
+  heat_internal_certdata:
+    content: 'somethinglikeacertificateforheat'
   heat_admin: true
   heat_admin_hostname: 'heat.admin.fuel.local'
   heat_admin_usercert: true
-  heat_admin_certdata: 'somethinglikeacertificateforheat'
+  heat_admin_certdata:
+    content: 'somethinglikeacertificateforheat'
   glance: true
   glance_public: true
   glance_public_hostname: 'glance.public.fuel.local'
   glance_public_usercert: true
-  glance_public_certdata: 'somethinglikeacertificateforglance'
+  glance_public_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_internal: true
   glance_internal_hostname: 'glance.internal.fuel.local'
   glance_internal_usercert: true
-  glance_internal_certdata: 'somethinglikeacertificateforglance'
+  glance_internal_certdata:
+    content: 'somethinglikeacertificateforglance'
   glance_admin: true
   glance_admin_hostname: 'glance.admin.fuel.local'
   glance_admin_usercert: true
-  glance_admin_certdata: 'somethinglikeacertificateforglance'
+  glance_admin_certdata:
+    content: 'somethinglikeacertificateforglance'
   cinder: true
   cinder_public: true
   cinder_public_hostname: 'cinder.public.fuel.local'
   cinder_public_usercert: true
-  cinder_public_certdata: 'somethinglikeacertificateforcinder'
+  cinder_public_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_internal: true
   cinder_internal_hostname: 'cinder.internal.fuel.local'
   cinder_internal_usercert: true
-  cinder_internal_certdata: 'somethinglikeacertificateforcinder'
+  cinder_internal_certdata:
+    content: 'somethinglikeacertificateforcinder'
   cinder_admin: true
   cinder_admin_hostname: 'cinder.admin.fuel.local'
   cinder_admin_usercert: true
-  cinder_admin_certdata: 'somethinglikeacertificateforcinder'
+  cinder_admin_certdata:
+    content: 'somethinglikeacertificateforcinder'
   neutron: true
   neutron_public: true
   neutron_public_hostname: 'neutron.public.fuel.local'
   neutron_public_usercert: true
-  neutron_public_certdata: 'somethinglikeacertificateforneutron'
+  neutron_public_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_internal: true
   neutron_internal_hostname: 'neutron.internal.fuel.local'
   neutron_internal_usercert: true
-  neutron_internal_certdata: 'somethinglikeacertificateforneutron'
+  neutron_internal_certdata:
+    content: 'somethinglikeacertificateforneutron'
   neutron_admin: true
   neutron_admin_hostname: 'neutron.admin.fuel.local'
   neutron_admin_usercert: true
-  neutron_admin_certdata: 'somethinglikeacertificateforneutron'
+  neutron_admin_certdata:
+    content: 'somethinglikeacertificateforneutron'
   swift: true
   swift_public: true
   swift_public_hostname: 'swift.public.fuel.local'
   swift_public_usercert: true
-  swift_public_certdata: 'somethinglikeacertificateforswift'
+  swift_public_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_internal: true
   swift_internal_hostname: 'swift.internal.fuel.local'
   swift_internal_usercert: true
-  swift_internal_certdata: 'somethinglikeacertificateforswift'
+  swift_internal_certdata:
+    content: 'somethinglikeacertificateforswift'
   swift_admin: true
   swift_admin_hostname: 'swift.admin.fuel.local'
   swift_admin_usercert: true
-  swift_admin_certdata: 'somethinglikeacertificateforswift'
+  swift_admin_certdata:
+    content: 'somethinglikeacertificateforswift'
   sahara: true
   sahara_public: true
   sahara_public_hostname: 'sahara.public.fuel.local'
   sahara_public_usercert: true
-  sahara_public_certdata: 'somethinglikeacertificateforsahara'
+  sahara_public_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_internal: true
   sahara_internal_hostname: 'sahara.internal.fuel.local'
   sahara_internal_usercert: true
-  sahara_internal_certdata: 'somethinglikeacertificateforsahara'
+  sahara_internal_certdata:
+    content: 'somethinglikeacertificateforsahara'
   sahara_admin: true
   sahara_admin_hostname: 'sahara.admin.fuel.local'
   sahara_admin_usercert: true
-  sahara_admin_certdata: 'somethinglikeacertificateforsahara'
+  sahara_admin_certdata:
+    content: 'somethinglikeacertificateforsahara'
   murano: true
   murano_public: true
   murano_public_hostname: 'murano.public.fuel.local'
   murano_public_usercert: true
-  murano_public_certdata: 'somethinglikeacertificateformurano'
+  murano_public_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_internal: true
   murano_internal_hostname: 'murano.internal.fuel.local'
   murano_internal_usercert: true
-  murano_internal_certdata: 'somethinglikeacertificateformurano'
+  murano_internal_certdata:
+    content: 'somethinglikeacertificateformurano'
   murano_admin: true
   murano_admin_hostname: 'murano.admin.fuel.local'
   murano_admin_usercert: true
-  murano_admin_certdata: 'somethinglikeacertificateformurano'
+  murano_admin_certdata:
+    content: 'somethinglikeacertificateformurano'
   ceilometer: true
   ceilometer_public: true
   ceilometer_public_hostname: 'ceilometer.public.fuel.local'
   ceilometer_public_usercert: true
-  ceilometer_public_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_public_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_internal: true
   ceilometer_internal_hostname: 'ceilometer.internal.fuel.local'
   ceilometer_internal_usercert: true
-  ceilometer_internal_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_internal_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   ceilometer_admin: true
   ceilometer_admin_hostname: 'ceilometer.admin.fuel.local'
   ceilometer_admin_usercert: true
-  ceilometer_admin_certdata: 'somethinglikeacertificateforceilometer'
+  ceilometer_admin_certdata:
+    content: 'somethinglikeacertificateforceilometer'
   radosgw: true
   radosgw_public: true
   radosgw_public_hostname: 'radosgw.public.fuel.local'
   radosgw_public_usercert: true
-  radosgw_public_certdata: 'somethinglikeacertificateforradosgw'
+  radosgw_public_certdata:
+    content: 'somethinglikeacertificateforradosgw'
 public_ssl:
   metadata:
     label: Public TLS
diff --git a/tests/noop/spec/hosts/ssl/ssl_keys_saving_spec.rb b/tests/noop/spec/hosts/ssl/ssl_keys_saving_spec.rb
index e43c994486..6a4d5e100c 100644
--- a/tests/noop/spec/hosts/ssl/ssl_keys_saving_spec.rb
+++ b/tests/noop/spec/hosts/ssl/ssl_keys_saving_spec.rb
@@ -10,7 +10,7 @@ describe manifest do
         types = [ 'public', 'internal', 'admin' ]
         services.each do |service|
           types.each do |type|
-            certdata = Noop.hiera_structure "use_ssl/#{service}_#{type}_certdata"
+            certdata = Noop.hiera_structure "use_ssl/#{service}_#{type}_certdata/content"
             it "should create certificate file with all data for #{type} #{service} in /etc/" do
               should contain_file("/etc/pki/tls/certs/#{type}_#{service}.pem").with(
                 'ensure'  => 'present',
@@ -31,7 +31,7 @@ describe manifest do
       context 'for public-only services' do
         services = [ 'horizon', 'radosgw' ]
         services.each do |service|
-          certdata = Noop.hiera_structure "use_ssl/#{service}_public_certdata"
+          certdata = Noop.hiera_structure "use_ssl/#{service}_public_certdata/content"
           it "should create certificate file with all data for public #{service} in /etc/" do
             should contain_file("/etc/pki/tls/certs/public_#{service}.pem").with(
               'ensure'  => 'present',