Merge "Add method to check if OpenStack is HTTPS ready"

2022-03-01 00:13:28 +00:00 · 2022-03-01 00:13:28 +00:00 · e1735fe05a
commit e1735fe05a
parent a6f16c975d cbd4ac8f4c
2 changed files with 91 additions and 1 deletions
--- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py
+++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2021 Wind River Systems, Inc.
+# Copyright (c) 2019-2022 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -614,3 +614,23 @@ class OpenstackBaseHelm(BaseHelm):
            pass

        return 'null'
+
+    def _is_openstack_https_ready(self):
+        """
+        Check if OpenStack is ready for HTTPS
+
+        Returns true if the https_enabled flag is set to true and if the openstack, openstack_ca
+        and ssl_ca certificates are installed in the system.
+        """
+        cert_openstack, cert_openstack_ca, cert_ssl_ca = False, False, False
+        if self._https_enabled():
+            certificates = self.dbapi.certificate_get_list()
+            for certificate in certificates:
+                if certificate.certtype == constants.CERT_MODE_OPENSTACK:
+                    cert_openstack = True
+                elif certificate.certtype == constants.CERT_MODE_OPENSTACK_CA:
+                    cert_openstack_ca = True
+                elif certificate.certtype == constants.CERT_MODE_SSL_CA:
+                    cert_ssl_ca = True
+
+        return cert_openstack and cert_openstack_ca and cert_ssl_ca
--- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/test_openstack.py
+++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/tests/test_openstack.py
@ -0,0 +1,70 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+import mock
+
+from oslo_utils import uuidutils
+
+from k8sapp_openstack.helm.openstack import OpenstackBaseHelm
+from sysinv.common import constants
+from sysinv.helm import helm
+
+from sysinv.tests.db import base as dbbase
+
+
+class OpenstackBaseHelmTest(dbbase.ControllerHostTestCase):
+    def setUp(self):
+        super(OpenstackBaseHelmTest, self).setUp()
+        self.operator = helm.HelmOperator(self.dbapi)
+        self.openstack = OpenstackBaseHelm(self.operator)
+
+    @mock.patch.object(OpenstackBaseHelm, "_https_enabled")
+    def test_is_openstack_https_ready_true(self, _https_enabled_mock):
+        _https_enabled_mock.side_effect = lambda: True
+
+        self.dbapi.certificate_create(
+            {
+                "id": 1,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_OPENSTACK,
+                "signature": "abcdef",
+            }
+        )
+
+        self.dbapi.certificate_create(
+            {
+                "id": 2,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_OPENSTACK_CA,
+                "signature": "abcdef",
+            }
+        )
+
+        self.dbapi.certificate_create(
+            {
+                "id": 3,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_SSL_CA,
+                "signature": "abcdef",
+            }
+        )
+
+        self.assertTrue(self.openstack._is_openstack_https_ready())
+
+    @mock.patch.object(OpenstackBaseHelm, "_https_enabled")
+    def test_is_openstack_https_ready_false(self, _https_enabled_mock):
+        _https_enabled_mock.side_effect = lambda: True
+
+        self.dbapi.certificate_create(
+            {
+                "id": 3,
+                "uuid": uuidutils.generate_uuid(),
+                "certtype": constants.CERT_MODE_DOCKER_REGISTRY,
+                "signature": "abcdef",
+            }
+        )
+
+        self.assertFalse(self.openstack._is_openstack_https_ready())