ac2604e9a0
A secure openldap server requires support for openldap certificates. Internal sysinv rest api "cerificate_install" and system certificate management CLIs "certificate-install" and "certificate-list" need to have sysinv cert-mon support for openldap certificate. This commit is the first step in making rest api "certificate-install" and CLI "certificate-list" fully functional. Subsequent "sysinv/conductor/manager.py" support code changes for openldap certificate configuration will complete the sysinv cert-mon implementation as they would need to be accompanied by openldap schema updates for ssl certificate and key, updates done using puppet configuration and part of a follow up commit. New “mode=openldap” was added to internal sysinv rest api "certificate_install" but it's usage is disallowed in the system CLI "certificate-install". The new secure endpoint for openldap/slapd is not yet being used. In future next step, when SSSD (System Security Services Daemon) client is introduced, security will be enhanced with use of LDAPS for openldap/slapd. Tests performed: PASS: Add new mode=openldap to sysinv rest api "certificate_install". Testing verifies the instrumentation of the rest api option "m=openldap" in the sysinv cert-mon code and does not verifies the full functionality of the option that is not enabled yet beyond cert-mon. Testing shows in debug mode that the option is working and cert-mon calls are logged. The option triggers cert-mon apis for openldap as expected. PASS: Disable mode-openldap in the system CLI "certificate-install". PASS: Create new certificate and secret. PASS: List all certificates. This test is to ensure installed certificates are listed and CLI "certificate-list" is not broken. The openldap certificate is expected not to be in the list. PASS: Delete a certificate and secret. Story: 2009834 Task: 44655 Change-Id: I01db5a7ea9848187655174b1b5451f73d9c5c220 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> |
||
|---|---|---|
| .. | ||
| .eggs | ||
| contrib | ||
| doc/source | ||
| etc/sysinv | ||
| scripts | ||
| sysinv | ||
| tools | ||
| .coveragerc | ||
| .gitignore | ||
| .stestr.conf | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| MANIFEST.in | ||
| README.rst | ||
| babel.cfg | ||
| openstack-common.conf | ||
| pylint.rc | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
| upper-constraints.txt | ||
README.rst
Placeholder to allow setup.py to work. Removing this requires modifying the setup.py manifest.