auto-unlock: make things clear about security
Rename auto-unlock configuration option to make things clear to CLI users that this really is a totally unsecure deployment option! Change-Id: I47726c65698bea1c35766d5c3ef16befad8ec72d
This commit is contained in:
parent
28fb89a44b
commit
dbbf4d9a09
|
@ -58,7 +58,7 @@ options:
|
|||
description: |
|
||||
DNS record to use for DNS HA with MAAS. Do not use vip setting
|
||||
if this is set.
|
||||
auto-unlock:
|
||||
totally-unsecure-auto-unlock:
|
||||
type: boolean
|
||||
default: false
|
||||
description: >-
|
||||
|
|
|
@ -242,7 +242,7 @@ def can_restart():
|
|||
safe_restart = False
|
||||
if not host.service_running('vault'):
|
||||
safe_restart = True
|
||||
elif hookenv.config('auto-unlock'):
|
||||
elif hookenv.config('totally-unsecure-auto-unlock'):
|
||||
safe_restart = True
|
||||
else:
|
||||
client = get_client(url=VAULT_LOCALHOST_URL)
|
||||
|
|
|
@ -136,7 +136,7 @@ def snap_refresh():
|
|||
if vault.can_restart():
|
||||
log("Restarting vault", level=DEBUG)
|
||||
service_restart('vault')
|
||||
if config('auto-unlock'):
|
||||
if config('totally-unsecure-auto-unlock'):
|
||||
vault.prepare_vault()
|
||||
else:
|
||||
set_flag('snap.channel.invalid')
|
||||
|
@ -365,7 +365,7 @@ def cluster_connected(hacluster):
|
|||
def file_change_auto_unlock_mode():
|
||||
log("Calling opportunistic_restart", level=DEBUG)
|
||||
vault.opportunistic_restart()
|
||||
if config('auto-unlock'):
|
||||
if config('totally-unsecure-auto-unlock'):
|
||||
vault.prepare_vault()
|
||||
|
||||
|
||||
|
|
|
@ -396,7 +396,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
def test_snap_refresh_restartable(self, can_restart):
|
||||
conf = {
|
||||
'channel': 'edge',
|
||||
'auto-unlock': False}
|
||||
'totally-unsecure-auto-unlock': False}
|
||||
self.config.side_effect = lambda x: conf[x]
|
||||
can_restart.return_value = True
|
||||
handlers.snap_refresh()
|
||||
|
@ -405,7 +405,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
self.clear_flag.assert_called_with('snap.channel.invalid')
|
||||
config_calls = [
|
||||
mock.call('channel'),
|
||||
mock.call('auto-unlock')]
|
||||
mock.call('totally-unsecure-auto-unlock')]
|
||||
self.config.assert_has_calls(config_calls)
|
||||
|
||||
@patch.object(handlers.vault, 'can_restart')
|
||||
|
|
Loading…
Reference in New Issue