ac2604e9a0
A secure openldap server requires support for openldap certificates. Internal sysinv rest api "cerificate_install" and system certificate management CLIs "certificate-install" and "certificate-list" need to have sysinv cert-mon support for openldap certificate. This commit is the first step in making rest api "certificate-install" and CLI "certificate-list" fully functional. Subsequent "sysinv/conductor/manager.py" support code changes for openldap certificate configuration will complete the sysinv cert-mon implementation as they would need to be accompanied by openldap schema updates for ssl certificate and key, updates done using puppet configuration and part of a follow up commit. New “mode=openldap” was added to internal sysinv rest api "certificate_install" but it's usage is disallowed in the system CLI "certificate-install". The new secure endpoint for openldap/slapd is not yet being used. In future next step, when SSSD (System Security Services Daemon) client is introduced, security will be enhanced with use of LDAPS for openldap/slapd. Tests performed: PASS: Add new mode=openldap to sysinv rest api "certificate_install". Testing verifies the instrumentation of the rest api option "m=openldap" in the sysinv cert-mon code and does not verifies the full functionality of the option that is not enabled yet beyond cert-mon. Testing shows in debug mode that the option is working and cert-mon calls are logged. The option triggers cert-mon apis for openldap as expected. PASS: Disable mode-openldap in the system CLI "certificate-install". PASS: Create new certificate and secret. PASS: List all certificates. This test is to ensure installed certificates are listed and CLI "certificate-list" is not broken. The openldap certificate is expected not to be in the list. PASS: Delete a certificate and secret. Story: 2009834 Task: 44655 Change-Id: I01db5a7ea9848187655174b1b5451f73d9c5c220 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> |
||
---|---|---|
.. | ||
.eggs | ||
contrib | ||
doc/source | ||
etc/sysinv | ||
scripts | ||
sysinv | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.stestr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
babel.cfg | ||
openstack-common.conf | ||
pylint.rc | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini | ||
upper-constraints.txt |
README.rst
Placeholder to allow setup.py to work. Removing this requires modifying the setup.py manifest.