Set appropriate permissons for certificate data
Change-Id: I8a4ba53a09f61a4f40555bd5892ba0ae2beb2de4 Closes-Bug: #1821314
parent
bfb561d18c
commit
3e9f4096f9
|
@ -0,0 +1,3 @@
|
|||
[DEFAULT]
|
||||
test_path=./unit_tests
|
||||
top_dir=./
|
|
@ -1,8 +0,0 @@
|
|||
[DEFAULT]
|
||||
test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
|
||||
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
|
||||
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-60} \
|
||||
${PYTHON:-python} -m subunit.run discover -t ./ ./unit_tests $LISTOPT $IDOPTION
|
||||
|
||||
test_id_option=--load-list $IDFILE
|
||||
test_list_option=--list
|
|
@ -362,19 +362,26 @@ class OpenStackCharm(BaseOpenStackCharm,
|
|||
with is_data_changed('configure_ssl.ssl_objects',
|
||||
ssl_objects) as changed:
|
||||
if ssl_objects:
|
||||
if changed:
|
||||
for ssl in ssl_objects:
|
||||
self.set_state('ssl.requested', True)
|
||||
self.configure_cert(
|
||||
ssl['cert'], ssl['key'], cn=ssl['cn'])
|
||||
self.configure_ca(ssl['ca'])
|
||||
cert_utils.create_ip_cert_links(
|
||||
os.path.join('/etc/apache2/ssl/', self.name))
|
||||
if not os_utils.snap_install_requested():
|
||||
self.configure_apache()
|
||||
ch_host.service_reload('apache2')
|
||||
# NOTE(fnordahl): regardless of changes to data we may
|
||||
# have other changes we want to apply to the files.
|
||||
# (e.g. ownership, permissions)
|
||||
#
|
||||
# Also note that c-h.host.write_file used in configure_cert()
|
||||
# has it's own logic to detect data changes.
|
||||
#
|
||||
# LP: #1821314
|
||||
for ssl in ssl_objects:
|
||||
self.set_state('ssl.requested', True)
|
||||
self.configure_cert(
|
||||
ssl['cert'], ssl['key'], cn=ssl['cn'])
|
||||
self.configure_ca(ssl['ca'])
|
||||
cert_utils.create_ip_cert_links(
|
||||
os.path.join('/etc/apache2/ssl/', self.name))
|
||||
if not os_utils.snap_install_requested() and changed:
|
||||
self.configure_apache()
|
||||
ch_host.service_reload('apache2')
|
||||
|
||||
self.remove_state('ssl.requested')
|
||||
self.remove_state('ssl.requested')
|
||||
self.set_state('ssl.enabled', True)
|
||||
else:
|
||||
self.set_state('ssl.enabled', False)
|
||||
|
@ -831,9 +838,11 @@ class HAOpenStackCharm(OpenStackAPICharm):
|
|||
key_filename = 'key'
|
||||
|
||||
ch_host.write_file(path=os.path.join(ssl_dir, cert_filename),
|
||||
content=cert.encode('utf-8'))
|
||||
content=cert.encode('utf-8'), group=self.group,
|
||||
perms=0o640)
|
||||
ch_host.write_file(path=os.path.join(ssl_dir, key_filename),
|
||||
content=key.encode('utf-8'))
|
||||
content=key.encode('utf-8'), group=self.group,
|
||||
perms=0o640)
|
||||
|
||||
def get_local_addresses(self):
|
||||
"""Return list of local addresses on each configured network
|
||||
|
|
|
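Review bot: The private key write in the second hunk (HAOpenStackCharm, the `key_filename` call to `ch_host.write_file`) gets the same `group=self.group, perms=0o640` as the certificate, with no comment saying which group member needs to read it. The certificate is public material and the key is not, so anything running in `self.group` can now read the key, and the hunk does not show what that group resolves to in charms that override it (the updated unit test only covers `'root'`). I would add a why-comment above the key write, e.g. `# key is group-readable because <service> reads it as a member of self.group`, or pass `perms=0o600` for the key alone if only the owner needs it. The owner is left to write_file's default, and the enclosing method starts outside the hunk, so the mode of `ssl_dir` itself cannot be checked from here.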
@ -3,7 +3,7 @@ requests
|
|||
httpretty
|
||||
pep8
|
||||
flake8>=2.2.4,<=2.4.1
|
||||
os-testr>=0.4.1
|
||||
stestr
|
||||
paramiko<2.0
|
||||
charms.reactive
|
||||
mock>=1.2
|
||||
|
|
2
tox.ini
2
tox.ini
|
@ -8,7 +8,7 @@ setenv = VIRTUAL_ENV={envdir}
|
|||
PYTHONHASHSEED=0
|
||||
install_command =
|
||||
pip install {opts} {packages}
|
||||
commands = ostestr {posargs}
|
||||
commands = stestr run {posargs}
|
||||
|
||||
[testenv:py27]
|
||||
basepython = python2.7
|
||||
|
|
|
@ -700,10 +700,10 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
calls = [
|
||||
mock.call(
|
||||
path='/etc/apache2/ssl/charmname/cert_mycn',
|
||||
content=b'mycert'),
|
||||
content=b'mycert', group='root', perms=0o640),
|
||||
mock.call(
|
||||
path='/etc/apache2/ssl/charmname/key_mycn',
|
||||
content=b'mykey')]
|
||||
content=b'mykey', group='root', perms=0o640)]
|
||||
self.write_file.assert_has_calls(calls)
|
||||
self.write_file.reset_mock()
|
||||
self.patch_object(chm.os_ip, 'resolve_address', 'addr')
|
||||
|
@ -711,10 +711,10 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
calls = [
|
||||
mock.call(
|
||||
path='/etc/apache2/ssl/charmname/cert_addr',
|
||||
content=b'mycert'),
|
||||
content=b'mycert', group='root', perms=0o640),
|
||||
mock.call(
|
||||
path='/etc/apache2/ssl/charmname/key_addr',
|
||||
content=b'mykey')]
|
||||
content=b'mykey', group='root', perms=0o640)]
|
||||
self.write_file.assert_has_calls(calls)
|
||||
|
||||
def test_get_local_addresses(self):
|
||||
|
@ -919,7 +919,6 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
name='apt_install')
|
||||
self.patch_object(chm.os_utils, 'snap_install_requested',
|
||||
return_value=False)
|
||||
self.target.configure_ssl()
|
||||
cert_calls = [
|
||||
mock.call('cert1', 'key1', cn='cn1'),
|
||||
mock.call('cert2', 'key2', cn='cn2')]
|
||||
|
@ -929,10 +928,20 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
|
|||
set_state_calls = [
|
||||
mock.call('ssl.requested', True),
|
||||
mock.call('ssl.enabled', True)]
|
||||
self.configure_cert.assert_has_calls(cert_calls)
|
||||
self.configure_ca.assert_has_calls(ca_calls)
|
||||
self.configure_apache.assert_called_once_with()
|
||||
self.set_state.assert_has_calls(set_state_calls)
|
||||
with mock.patch.object(chm, 'is_data_changed') as changed:
|
||||
changed.return_value.__enter__.return_value = False
|
||||
self.target.configure_ssl()
|
||||
self.configure_cert.assert_has_calls(cert_calls)
|
||||
self.configure_ca.assert_has_calls(ca_calls)
|
||||
self.assertFalse(self.configure_apache.called)
|
||||
self.set_state.assert_has_calls(set_state_calls)
|
||||
with mock.patch.object(chm, 'is_data_changed') as changed:
|
||||
changed.return_value.__enter__.return_value = True
|
||||
self.target.configure_ssl()
|
||||
self.configure_cert.assert_has_calls(cert_calls)
|
||||
self.configure_ca.assert_has_calls(ca_calls)
|
||||
self.configure_apache.called_once_with()
|
||||
self.set_state.assert_has_calls(set_state_calls)
|
||||
|
||||
def test_configure_ssl_off(self):
|
||||
self.patch_target('get_certs_and_keys', return_value=[])
|
||||
|
|
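Review bot: `self.configure_apache.called_once_with()` in the last hunk (the block where `is_data_changed` is patched to yield `True`) is not an assertion. On a Mock it is only an auto-created child attribute, so the call returns another mock and the line can never fail. That leaves the "data changed, so configure_apache runs" path unverified, while the `False` block above it is checked properly with `assertFalse(self.configure_apache.called)`. It should read `self.configure_apache.assert_called_once_with()`. The test method starts outside the hunk, so I cannot confirm that no earlier configure_apache call is already recorded; if one is, call `self.configure_apache.reset_mock()` before this block.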