config/sysinv/sysinv/sysinv/sysinv
Carmen Rata ac2604e9a0 OpenLDAP certificate support in sysinv apis
A secure openldap server requires support for openldap certificates.
Internal sysinv rest api "certificate_install" and system certificate
management CLIs "certificate-install" and "certificate-list" need to
have sysinv cert-mon support for openldap certificate.
This commit is the first step in making rest api "certificate-install"
and CLI "certificate-list" fully functional.
Subsequent "sysinv/conductor/manager.py" support code changes for
openldap certificate configuration will complete the sysinv cert-mon
implementation as they would need to be accompanied by openldap
schema updates for ssl certificate and key, updates done using puppet
configuration and part of a follow up commit.
New "mode=openldap" was added to internal sysinv rest api
"certificate_install" but its usage is disallowed in the system CLI
"certificate-install".
The new secure endpoint for openldap/slapd is not yet being used.
In a future next step, when SSSD (System Security Services Daemon)
client is introduced, security will be enhanced with use of LDAPS
for openldap/slapd.

Tests performed:
PASS: Add new mode=openldap to sysinv rest api "certificate_install".
Testing verifies the instrumentation of the rest api option
"m=openldap" in the sysinv cert-mon code and does not verify the
full functionality of the option that is not enabled yet beyond
cert-mon. Testing shows in debug mode that the option is working and
cert-mon calls are logged. The option triggers cert-mon apis for
openldap as expected.
PASS: Disable mode-openldap in the system CLI "certificate-install".
PASS: Create new certificate and secret.
PASS: List all certificates. This test is to ensure installed
certificates are listed and CLI "certificate-list" is not broken.
The openldap certificate is expected not to be in the list.
PASS: Delete a certificate and secret.

Story: 2009834
Task: 44655

Change-Id: I01db5a7ea9848187655174b1b5451f73d9c5c220
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
2022-03-07 18:01:50 -05:00
agent debian: Fix root partition detection for ostree 2022-01-25 15:32:14 +00:00
api OpenLDAP certificate support in sysinv apis 2022-03-07 18:01:50 -05:00
cert_alarm Add 180d alarm-before default for kube root CA 2022-02-04 23:06:26 +00:00
cert_mon OpenLDAP certificate support in sysinv apis 2022-03-07 18:01:50 -05:00
cmd Fix sanitize on IPv6 for docker_no_proxy list 2022-01-26 17:10:52 -03:00
common OpenLDAP certificate support in sysinv apis 2022-03-07 18:01:50 -05:00
conductor Merge "[PTP dual NIC config] Fix parameters from legacy" 2022-02-23 16:47:42 +00:00
db Fix PTP parameter deletion error messages 2022-02-22 07:04:01 -05:00
fpga_agent Display retimer version of the FPGA device 2021-10-13 16:29:27 -04:00
helm Merge "Using general naming for app openstack" 2021-11-24 22:19:30 +00:00
objects Fix DetachedInstanceError 2022-01-27 08:27:07 +00:00
openstack Handle PEP479 2022-01-20 15:18:54 +02:00
puppet Merge "Support puppet's network configuration for Debian" 2022-02-24 14:34:33 +00:00
tests Merge "Support puppet's network configuration for Debian" 2022-02-24 14:34:33 +00:00
__init__.py Fix tox certificate issues in python2 2021-11-18 15:14:51 -06:00
_i18n.py Eliminate sdist step from sysinv zuul 2021-04-12 09:34:17 -05:00
netconf.py Fix bad syntax in requirements.txt file 2021-09-14 09:15:56 -05:00
sanity_coverage.py Specify the nodeset for zuul jobs 2021-05-19 13:51:15 -05:00
version.py Fix zuul for bandit target 2021-05-20 08:43:15 -05:00