Merge "Enable vault tls-certificates for SAML Mellon"
commit
57acbfb52d
@ -145,6 +145,7 @@ from charmhelpers.contrib.peerstorage import (
|
|||||||
)
|
)
|
||||||
from charmhelpers.contrib.openstack.ip import (
|
from charmhelpers.contrib.openstack.ip import (
|
||||||
ADMIN,
|
ADMIN,
|
||||||
|
PUBLIC,
|
||||||
resolve_address,
|
resolve_address,
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -759,12 +760,19 @@ def websso_trusted_dashboard_changed():
|
|||||||
|
|
||||||
|
|
||||||
def update_keystone_fid_service_provider(relation_id=None):
|
def update_keystone_fid_service_provider(relation_id=None):
|
||||||
|
if relation_ids('certificates'):
|
||||||
|
tls_enabled = True
|
||||||
|
else:
|
||||||
tls_enabled = (config('ssl_cert') is not None and
|
tls_enabled = (config('ssl_cert') is not None and
|
||||||
config('ssl_key') is not None)
|
config('ssl_key') is not None)
|
||||||
|
# NOTE: thedac Use resolve_address which checks host name, VIP and
|
||||||
|
# network bindings. Use PUBLIC for now. Possible TODO make this
|
||||||
|
# configurable?
|
||||||
|
hostname = resolve_address(endpoint_type=PUBLIC, override=True)
|
||||||
# reactive endpoints implementation on the other side, hence
|
# reactive endpoints implementation on the other side, hence
|
||||||
# json-encoded values
|
# json-encoded values
|
||||||
fid_settings = {
|
fid_settings = {
|
||||||
'hostname': json.dumps(config('os-public-hostname')),
|
'hostname': json.dumps(hostname),
|
||||||
'port': json.dumps(config('service-port')),
|
'port': json.dumps(config('service-port')),
|
||||||
'tls-enabled': json.dumps(tls_enabled),
|
'tls-enabled': json.dumps(tls_enabled),
|
||||||
}
|
}
|
||||||
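Review bot: In update_keystone_fid_service_provider, `tls_enabled = True` is set as soon as `relation_ids('certificates')` is non-empty, which only shows that the relation is joined, not that a certificate has been issued and installed. The service provider could therefore receive `tls-enabled: true` and build https URLs while this endpoint is still serving plain HTTP. Consider gating on certificate data actually being present on the relation, or at minimum add a comment such as `# NOTE: a joined certificates relation is treated as TLS-on; certs may not be issued yet`. Separately, `resolve_address(endpoint_type=PUBLIC, override=True)` may yield an IP address when no public hostname is configured, so the issued certificate presumably has to cover that value for the SP-side verification to succeed. The function body continues past the end of the hunk, so the relation_set call is not visible here.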
|
@ -829,6 +829,7 @@ class KeystoneRelationTests(CharmTestCase):
|
|||||||
self.is_leader.return_value = True
|
self.is_leader.return_value = True
|
||||||
self.is_db_ready.return_value = True
|
self.is_db_ready.return_value = True
|
||||||
is_db_initialised.return_value = True
|
is_db_initialised.return_value = True
|
||||||
|
self.resolve_address.return_value = "10.0.0.10"
|
||||||
mock_kv = MagicMock()
|
mock_kv = MagicMock()
|
||||||
mock_kv.get.return_value = None
|
mock_kv.get.return_value = None
|
||||||
self.unitdata.kv.return_value = mock_kv
|
self.unitdata.kv.return_value = mock_kv
|
||||||
@ -871,6 +872,7 @@ class KeystoneRelationTests(CharmTestCase):
|
|||||||
mock_kv.get.return_value = None
|
mock_kv.get.return_value = None
|
||||||
self.unitdata.kv.return_value = mock_kv
|
self.unitdata.kv.return_value = mock_kv
|
||||||
is_unit_paused_set.return_value = False
|
is_unit_paused_set.return_value = False
|
||||||
|
self.resolve_address.return_value = "10.0.0.10"
|
||||||
|
|
||||||
hooks.keystone_fid_service_provider_changed()
|
hooks.keystone_fid_service_provider_changed()
|
||||||
|
|
||||||
@ -884,6 +886,51 @@ class KeystoneRelationTests(CharmTestCase):
|
|||||||
'nonce2')
|
'nonce2')
|
||||||
self.assertTrue(mock_kv.flush.called)
|
self.assertTrue(mock_kv.flush.called)
|
||||||
|
|
||||||
|
def test_update_keystone_fid_service_provider_no_tls(self):
|
||||||
|
self.relation_ids.return_value = []
|
||||||
|
public_addr = "10.0.0.10"
|
||||||
|
self.resolve_address.return_value = public_addr
|
||||||
|
relation_id = "keystone-fid-service-provider-certificates:5"
|
||||||
|
relation_settings = {
|
||||||
|
'hostname': '"{}"'.format(public_addr),
|
||||||
|
'port': '5000',
|
||||||
|
'tls-enabled': 'false'
|
||||||
|
}
|
||||||
|
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
|
||||||
|
self.relation_set.assert_called_once_with(
|
||||||
|
relation_id=relation_id, relation_settings=relation_settings)
|
||||||
|
|
||||||
|
def test_update_keystone_fid_service_provider_tls_certificates_relation(
|
||||||
|
self):
|
||||||
|
self.relation_ids.return_value = ["certficates:9"]
|
||||||
|
public_addr = "10.0.0.10"
|
||||||
|
self.resolve_address.return_value = public_addr
|
||||||
|
relation_id = "keystone-fid-service-provider-certificates:5"
|
||||||
|
relation_settings = {
|
||||||
|
'hostname': '"{}"'.format(public_addr),
|
||||||
|
'port': '5000',
|
||||||
|
'tls-enabled': 'true'
|
||||||
|
}
|
||||||
|
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
|
||||||
|
self.relation_set.assert_called_once_with(
|
||||||
|
relation_id=relation_id, relation_settings=relation_settings)
|
||||||
|
|
||||||
|
def test_update_keystone_fid_service_provider_ssl_config(self):
|
||||||
|
self.test_config.set("ssl_cert", "CERTIFICATE")
|
||||||
|
self.test_config.set("ssl_key", "KEY")
|
||||||
|
self.relation_ids.return_value = []
|
||||||
|
public_addr = "10.0.0.10"
|
||||||
|
self.resolve_address.return_value = public_addr
|
||||||
|
relation_id = "keystone-fid-service-provider-certificates:5"
|
||||||
|
relation_settings = {
|
||||||
|
'hostname': '"{}"'.format(public_addr),
|
||||||
|
'port': '5000',
|
||||||
|
'tls-enabled': 'true'
|
||||||
|
}
|
||||||
|
hooks.update_keystone_fid_service_provider(relation_id=relation_id)
|
||||||
|
self.relation_set.assert_called_once_with(
|
||||||
|
relation_id=relation_id, relation_settings=relation_settings)
|
||||||
|
|
||||||
@patch.object(hooks, 'relation_set')
|
@patch.object(hooks, 'relation_set')
|
||||||
@patch.object(hooks, 'get_certificate_request')
|
@patch.object(hooks, 'get_certificate_request')
|
||||||
def test_certs_joined(self, get_certificate_request, relation_set):
|
def test_certs_joined(self, get_certificate_request, relation_set):
|
||||||
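Review bot: The three new test_update_keystone_fid_service_provider_* cases never assert which relation name the hook queried, so they would still pass if `tls-enabled` were driven by a different relation. Adding `self.relation_ids.assert_any_call('certificates')` to the certificates-relation case would pin that. The mocked id `"certficates:9"` in that case is misspelled; the mock returns it regardless, but `"certificates:9"` would read correctly. No case covers only one of `ssl_cert` / `ssl_key` being set, which by the `and` in the hook should leave `tls-enabled` as `'false'`.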
|