more

2015-01-27 23:56:15 +00:00 · 2015-01-27 23:56:15 +00:00 · 0fe447683a
commit 0fe447683a
parent 54a58fca29
2 changed files with 13 additions and 6 deletions
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@ -72,11 +72,7 @@ class ApacheSSLContext(context.ApacheSSLContext):
        if not is_ssl_enabled():
            return

-        if not is_ssl_cert_master():
-            log("Not ssl-cert-master - skipping apache cert config until "
-                "master is elected", level=INFO)
-            return
-
+        # Ensure ssl dir exists whether master or not
        ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
        perms = 0o755
        mkdir(path=ssl_dir, owner=SSH_USER, group='keystone', perms=perms)
@ -84,6 +80,11 @@ class ApacheSSLContext(context.ApacheSSLContext):
        ensure_permissions(ssl_dir, user=SSH_USER, group='keystone',
                           perms=perms)

+        if not is_ssl_cert_master():
+            log("Not ssl-cert-master - skipping apache cert config until "
+                "master is elected", level=INFO)
+            return
+
        log("Creating apache ssl certs in %s" % (ssl_dir), level=INFO)

        ca = get_ca(user=SSH_USER)
--- a/unit_tests/test_keystone_contexts.py
+++ b/unit_tests/test_keystone_contexts.py
@ -17,6 +17,8 @@ class TestKeystoneContexts(CharmTestCase):
        super(TestKeystoneContexts, self).setUp(context, TO_PATCH)

    @patch.object(context, 'mkdir')
+    @patch('keystone_utils.get_ca')
+    @patch('keystone_utils.ensure_permissions')
    @patch('keystone_utils.determine_ports')
    @patch('keystone_utils.is_ssl_cert_master')
    @patch('keystone_utils.is_ssl_enabled')
@ -26,13 +28,17 @@ class TestKeystoneContexts(CharmTestCase):
                                               mock_is_ssl_enabled,
                                               mock_is_ssl_cert_master,
                                               mock_determine_ports,
+                                               mock_ensure_permissions,
+                                               mock_get_ca,
                                               mock_mkdir):
        mock_is_ssl_enabled.return_value = True
        mock_is_ssl_cert_master.return_value = False

        context.ApacheSSLContext().configure_cert('foo')
        context.ApacheSSLContext().configure_ca()
-        self.assertFalse(mock_mkdir.called)
+        self.assertTrue(mock_mkdir.called)
+        self.assertTrue(mock_ensure_permissions.called)
+        self.assertFalse(mock_get_ca.called)

    @patch('keystone_utils.is_ssl_cert_master')
    @patch('keystone_utils.is_ssl_enabled')