Merge "Enable vault tls-certificates for SAML Mellon"

Zuul 2019-03-11 19:14:52 +00:00 committed by Gerrit Code Review
commit 57acbfb52d
2 changed files with 58 additions and 3 deletions


@ -145,6 +145,7 @@ from charmhelpers.contrib.peerstorage import (
)
from charmhelpers.contrib.openstack.ip import (
ADMIN,
PUBLIC,
resolve_address,
)
@ -759,12 +760,19 @@ def websso_trusted_dashboard_changed():
def update_keystone_fid_service_provider(relation_id=None):
tls_enabled = (config('ssl_cert') is not None and
config('ssl_key') is not None)
if relation_ids('certificates'):
tls_enabled = True
else:
tls_enabled = (config('ssl_cert') is not None and
config('ssl_key') is not None)
# NOTE: thedac Use resolve_address which checks host name, VIP and
# network bindings. Use PUBLIC for now. Possible TODO make this
# configurable?
hostname = resolve_address(endpoint_type=PUBLIC, override=True)
# reactive endpoints implementation on the other side, hence
# json-encoded values
fid_settings = {
'hostname': json.dumps(config('os-public-hostname')),
'hostname': json.dumps(hostname),
'port': json.dumps(config('service-port')),
'tls-enabled': json.dumps(tls_enabled),
}
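Review bot: In `update_keystone_fid_service_provider`, the new `if relation_ids('certificates'):` branch sets `tls_enabled = True` as soon as the certificates relation exists, which is not the same as a certificate having been issued and installed on this unit. Until that happens the service provider would presumably be told `tls-enabled: true` for an endpoint that may still be serving plain HTTP, so consider gating on the certificate actually being present, or at least record the assumption with a comment such as `# NOTE: relation presence only; assumes this hook is re-run once the certificate has been issued`. The hostname now comes from `resolve_address(endpoint_type=PUBLIC, override=True)`, which can be an IP address (the tests use "10.0.0.10"), so the issued certificate has to cover that value for the service provider to validate it. The function continues below the hunk, so the `relation_set` call is not visible here.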


@ -829,6 +829,7 @@ class KeystoneRelationTests(CharmTestCase):
self.is_leader.return_value = True
self.is_db_ready.return_value = True
is_db_initialised.return_value = True
self.resolve_address.return_value = "10.0.0.10"
mock_kv = MagicMock()
mock_kv.get.return_value = None
self.unitdata.kv.return_value = mock_kv
@ -871,6 +872,7 @@ class KeystoneRelationTests(CharmTestCase):
mock_kv.get.return_value = None
self.unitdata.kv.return_value = mock_kv
is_unit_paused_set.return_value = False
self.resolve_address.return_value = "10.0.0.10"
hooks.keystone_fid_service_provider_changed()
@ -884,6 +886,51 @@ class KeystoneRelationTests(CharmTestCase):
'nonce2')
self.assertTrue(mock_kv.flush.called)
def test_update_keystone_fid_service_provider_no_tls(self):
self.relation_ids.return_value = []
public_addr = "10.0.0.10"
self.resolve_address.return_value = public_addr
relation_id = "keystone-fid-service-provider-certificates:5"
relation_settings = {
'hostname': '"{}"'.format(public_addr),
'port': '5000',
'tls-enabled': 'false'
}
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
self.relation_set.assert_called_once_with(
relation_id=relation_id, relation_settings=relation_settings)
def test_update_keystone_fid_service_provider_tls_certificates_relation(
self):
self.relation_ids.return_value = ["certficates:9"]
public_addr = "10.0.0.10"
self.resolve_address.return_value = public_addr
relation_id = "keystone-fid-service-provider-certificates:5"
relation_settings = {
'hostname': '"{}"'.format(public_addr),
'port': '5000',
'tls-enabled': 'true'
}
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
self.relation_set.assert_called_once_with(
relation_id=relation_id, relation_settings=relation_settings)
def test_update_keystone_fid_service_provider_ssl_config(self):
self.test_config.set("ssl_cert", "CERTIFICATE")
self.test_config.set("ssl_key", "KEY")
self.relation_ids.return_value = []
public_addr = "10.0.0.10"
self.resolve_address.return_value = public_addr
relation_id = "keystone-fid-service-provider-certificates:5"
relation_settings = {
'hostname': '"{}"'.format(public_addr),
'port': '5000',
'tls-enabled': 'true'
}
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
self.relation_set.assert_called_once_with(
relation_id=relation_id, relation_settings=relation_settings)
@patch.object(hooks, 'relation_set')
@patch.object(hooks, 'get_certificate_request')
def test_certs_joined(self, get_certificate_request, relation_set):
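Review bot: The mocked relation id in `test_update_keystone_fid_service_provider_tls_certificates_relation` is misspelled (`"certficates:9"`), and the test still passes because only the truthiness of the list is used; it should read `self.relation_ids.return_value = ["certificates:9"]`. None of the three new tests checks which relation name the hook queried, so adding `self.relation_ids.assert_any_call('certificates')` would pin that. There is also no case for the certificates relation being present before a certificate has been issued, which is the state where `tls-enabled` is most likely to be advertised too early.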