From f115403984f6c6cfa15ed10e4d8ea4c167e6e9ca Mon Sep 17 00:00:00 2001
From: Stuart McLaren <stuart.mclaren@hp.com>
Date: Thu, 3 Apr 2014 16:30:24 +0000
Subject: [PATCH] ssl: Add support for a CA Certificate

Add SSLCACertificate to the overcloud yaml.

This allows a CA certificate to be specified in cases where the Cert
does not come from a CA in the system bundle.

Partially implements: blueprint tripleo-ssl-overcloud

Full set of blueprint changes:

https://review.openstack.org/#/c/85098
https://review.openstack.org/#/c/85099
https://review.openstack.org/#/c/85100

Change-Id: I67d7c1362df323762023be5c74fbe75b1583570c
---
 overcloud-source.yaml | 1 +
 ssl-source.yaml       | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index cf1eecdae8..f3bf1540da 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -587,6 +587,7 @@ Resources:
       input_values:
         ssl_certificate: {Ref: SSLCertificate}
         ssl_key: {Ref: SSLKey}
+        ssl_ca_certificate: {Ref: SSLCACertificate}
   controller0Passthrough:
     Type: OS::Heat::StructuredDeployment
     Properties:
diff --git a/ssl-source.yaml b/ssl-source.yaml
index c3edbe752e..1d6ac246aa 100644
--- a/ssl-source.yaml
+++ b/ssl-source.yaml
@@ -10,6 +10,10 @@ Parameters:
     Description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
     Type: String
     NoEcho: true
+  SSLCACertificate:
+    Default: ''
+    Description: If set, the contents of an SSL certificate authority file.
+    Type: String
 Resources:
   SSLConfig:
     Type: OS::Heat::StructuredConfig
@@ -21,6 +25,8 @@ Resources:
             get_input: ssl_certificate
           key:
             get_input: ssl_key
+          cacert:
+            get_input: ssl_ca_certificate
           ports:
            - name: 'ec2'
              accept: 13773