From 5d35e97cfa2ac14ac91e2b9038a11e94606c0816 Mon Sep 17 00:00:00 2001
From: Jonathan Brownell <brownell@hp.com>
Date: Mon, 28 Jul 2014 12:46:02 -0700
Subject: [PATCH] Move cacert property out of "stunnel" and into a new "ssl"
 group

The CA certificate is currently passed via ssl-source.yaml as
"stunnel.cacert", but this value is not currently used by stunnel
since we have no use case for client cert authentication.

This change proposes that it also be exposed as
"ssl.ca_certificate", which is consistent with the overall SSL
direction being driven by the PKI spec:
  I32473fe797a4c1e28d14c3b82c8892c7c59a4e55

This new CA certificate value will be installed as a trusted CA
on all cloud nodes that issue SSL-secured connection requests to
OpenStack or other infrastructure (MySQL, RabbitMQ) services.

Change-Id: Ibacd7c98980520e11c0df89632013f2ba2dbe370
---
 ssl-source.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl-source.yaml b/ssl-source.yaml
index 09ea52a211..ac1ef42d3a 100644
--- a/ssl-source.yaml
+++ b/ssl-source.yaml
@@ -20,6 +20,9 @@ resources:
     properties:
       group: os-apply-config
       config:
+        ssl:
+          ca_certificate:
+            get_input: ssl_ca_certificate
         stunnel:
           cert:
             get_input: ssl_certificate