Add method to check if OpenStack is HTTPS ready

This change adds a _is_openstack_https_ready function to the
openstack.py plugin. It verifies if the platform has https_enabled set
to true and checks if three certificates are present: openstack,
openstack_ca and ssl_ca. If both conditions are met, it returns True.

Test Plan
PASS: Build OpenStack and verify that the generated tarball contains the
added code.
PASS: Apply the built tarball.

Signed-off-by: Gustavo Santos <gustavofaganello.santos@windriver.com>
Change-Id: I28e4bdb0785ae453830a426a731f14a0b80a0d47

python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2021 Wind River Systems, Inc.
+# Copyright (c) 2019-2022 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -614,3 +614,23 @@ class OpenstackBaseHelm(BaseHelm):
             pass
 
         return 'null'
+
+    def _is_openstack_https_ready(self):
+        """
+        Check if OpenStack is ready for HTTPS
+
+        Returns true if the https_enabled flag is set to true and if the openstack, openstack_ca
+        and ssl_ca certificates are installed in the system.
+        """
+        cert_openstack, cert_openstack_ca, cert_ssl_ca = False, False, False
+        if self._https_enabled():
+            certificates = self.dbapi.certificate_get_list()
+            for certificate in certificates:
+                if certificate.certtype == constants.CERT_MODE_OPENSTACK:
+                    cert_openstack = True
+                elif certificate.certtype == constants.CERT_MODE_OPENSTACK_CA:
+                    cert_openstack_ca = True
+                elif certificate.certtype == constants.CERT_MODE_SSL_CA:
+                    cert_ssl_ca = True
+
+        return cert_openstack and cert_openstack_ca and cert_ssl_ca

python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/test_openstack.py

@@ -0,0 +1,70 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+import mock
+
+from oslo_utils import uuidutils
+
+from k8sapp_openstack.helm.openstack import OpenstackBaseHelm
+from sysinv.common import constants
+from sysinv.helm import helm
+
+from sysinv.tests.db import base as dbbase
+
+
+class OpenstackBaseHelmTest(dbbase.ControllerHostTestCase):
+    def setUp(self):
+        super(OpenstackBaseHelmTest, self).setUp()
+        self.operator = helm.HelmOperator(self.dbapi)
+        self.openstack = OpenstackBaseHelm(self.operator)
+
+    @mock.patch.object(OpenstackBaseHelm, "_https_enabled")
+    def test_is_openstack_https_ready_true(self, _https_enabled_mock):
+        _https_enabled_mock.side_effect = lambda: True
+
+        self.dbapi.certificate_create(
+            {
+                "id": 1,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_OPENSTACK,
+                "signature": "abcdef",
+            }
+        )
+
+        self.dbapi.certificate_create(
+            {
+                "id": 2,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_OPENSTACK_CA,
+                "signature": "abcdef",
+            }
+        )
+
+        self.dbapi.certificate_create(
+            {
+                "id": 3,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_SSL_CA,
+                "signature": "abcdef",
+            }
+        )
+
+        self.assertTrue(self.openstack._is_openstack_https_ready())
+
+    @mock.patch.object(OpenstackBaseHelm, "_https_enabled")
+    def test_is_openstack_https_ready_false(self, _https_enabled_mock):
+        _https_enabled_mock.side_effect = lambda: True
+
+        self.dbapi.certificate_create(
+            {
+                "id": 3,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_DOCKER_REGISTRY,
+                "signature": "abcdef",
+            }
+        )
+
+        self.assertFalse(self.openstack._is_openstack_https_ready())