openstack/charm-keystone
Code Issues Proposed changes

[hopem,r=]

Browse Source 
Fix PKI issues (from l/e merge)
This commit is contained in:
Edward Hope-Morley 2015-07-21 14:44:57 +01:00
parent 66238dd6ad
commit 0f49717cd1
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hooks/keystone_hooks.py
View File

@ -76,6 +76,7 @@ from keystone_utils import (
is_pki_enabled,
ensure_ssl_dir,
ensure_pki_dir_permissions,
ensure_permissions,
force_ssl_sync,
filter_null,
ensure_ssl_dirs,
@ -181,12 +182,19 @@ def initialise_pki():
NOTE: keystone.conf [signing] section must be up-to-date prior to
executing this.
"""
if is_ssl_cert_master():
if not peer_units() or is_ssl_cert_master():
log("Ensuring PKI token certs created", level=DEBUG)
cmd = ['keystone-manage', 'pki_setup', '--keystone-user', 'keystone',
'--keystone-group', 'keystone']
check_call(cmd)
# Ensure logfile has keystone perms since we may have just created it
# with root.
ensure_permissions('/var/log/keystone', user='keystone',
group='keystone', perms=0o744)
ensure_permissions('/var/log/keystone/keystone.log', user='keystone',
group='keystone', perms=0o644)
ensure_pki_dir_permissions()

6
unit_tests/test_keystone_hooks.py
View File

@ -306,6 +306,7 @@ class KeystoneRelationTests(CharmTestCase):
@patch('keystone_utils.log')
@patch('keystone_utils.ensure_ssl_cert_master')
@patch('keystone_utils.ensure_ssl_dirs')
@patch.object(hooks, 'ensure_permissions')
@patch.object(hooks, 'ensure_pki_dir_permissions')
@patch.object(hooks, 'ensure_ssl_dir')
@patch.object(hooks, 'is_pki_enabled')
@ -330,6 +331,7 @@ class KeystoneRelationTests(CharmTestCase):
mock_is_ssl_cert_master,
mock_is_pki_enabled,
mock_ensure_ssl_dir,
mock_ensure_permissions,
mock_ensure_pki_dir_permissions,
mock_ensure_ssl_dirs,
mock_ensure_ssl_cert_master,
@ -368,6 +370,7 @@ class KeystoneRelationTests(CharmTestCase):
@patch('keystone_utils.ensure_ssl_cert_master')
@patch('keystone_utils.ensure_ssl_dirs')
@patch.object(hooks, 'update_all_identity_relation_units')
@patch.object(hooks, 'ensure_permissions')
@patch.object(hooks, 'ensure_pki_dir_permissions')
@patch.object(hooks, 'ensure_ssl_dir')
@patch.object(hooks, 'is_pki_enabled')
@ -387,6 +390,7 @@ class KeystoneRelationTests(CharmTestCase):
mock_peer_units,
mock_is_pki_enabled,
mock_ensure_ssl_dir,
mock_ensure_permissions,
mock_ensure_pki_permissions,
mock_update_all_id_rel_units,
ensure_ssl_dirs,
@ -416,6 +420,7 @@ class KeystoneRelationTests(CharmTestCase):
@patch('keystone_utils.log')
@patch('keystone_utils.ensure_ssl_cert_master')
@patch('keystone_utils.ensure_ssl_dirs')
@patch.object(hooks, 'ensure_permissions')
@patch.object(hooks, 'ensure_pki_dir_permissions')
@patch.object(hooks, 'ensure_ssl_dir')
@patch.object(hooks, 'is_pki_enabled')
@ -439,6 +444,7 @@ class KeystoneRelationTests(CharmTestCase):
mock_is_ssl_cert_master,
mock_is_pki_enabled,
mock_ensure_ssl_dir,
mock_ensure_permissions,
mock_ensure_pki_permissions,
mock_ensure_ssl_dirs,
mock_ensure_ssl_cert_master,