ac2604e9a0
A secure openldap server requires support for openldap certificates. Internal sysinv rest api "certificate_install" and system certificate management CLIs "certificate-install" and "certificate-list" need to have sysinv cert-mon support for openldap certificate.

This commit is the first step in making rest api "certificate-install" and CLI "certificate-list" fully functional. Subsequent "sysinv/conductor/manager.py" support code changes for openldap certificate configuration will complete the sysinv cert-mon implementation as they would need to be accompanied by openldap schema updates for ssl certificate and key, updates done using puppet configuration and part of a follow up commit.

New “mode=openldap” was added to internal sysinv rest api "certificate_install" but its usage is disallowed in the system CLI "certificate-install".

The new secure endpoint for openldap/slapd is not yet being used. In future next step, when SSSD (System Security Services Daemon) client is introduced, security will be enhanced with use of LDAPS for openldap/slapd.

Tests performed:

PASS: Add new mode=openldap to sysinv rest api "certificate_install". Testing verifies the instrumentation of the rest api option "m=openldap" in the sysinv cert-mon code and does not verify the full functionality of the option that is not enabled yet beyond cert-mon. Testing shows in debug mode that the option is working and cert-mon calls are logged. The option triggers cert-mon apis for openldap as expected.

PASS: Disable mode-openldap in the system CLI "certificate-install".

PASS: Create new certificate and secret.

PASS: List all certificates. This test is to ensure installed certificates are listed and CLI "certificate-list" is not broken. The openldap certificate is expected not to be in the list.

PASS: Delete a certificate and secret.

Story: 2009834
Task: 44655
Change-Id: I01db5a7ea9848187655174b1b5451f73d9c5c220
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>

api-ref/source
config-gate
controllerconfig
devstack
doc
releasenotes
storageconfig
sysinv
tmp/patch-scripts/EXAMPLE_SYSINV/scripts
tools/docker/images
tsconfig
workerconfig
.gitignore
.gitreview
.yamllint
.zuul.yaml
CONTRIBUTORS.wrs
LICENSE
README.rst
bindep.txt
centos_build_layer.cfg
centos_dev_wheels.inc
centos_helm.inc
centos_iso_image.inc
centos_pkg_dirs
centos_pkg_dirs_containers
centos_stable_wheels.inc
debian_build_layer.cfg
debian_iso_image.inc
debian_pkg_dirs
test-requirements.txt
tox.ini

README.rst
stx-config
StarlingX Configuration Management