Get rid global TLS option from start_script

- Replace using global option on etcd tls option - Update name of config option for generation certs Change-Id: Ibfbbf0805cee01d924c970d0d7c9d8d356bc6881
2017-02-15 10:15:41 +00:00 · 2017-02-15 10:15:41 +00:00 · 8525704d15
parent f5192e3f71
commit 8525704d15
2 changed files with 12 additions and 18 deletions
--- a/fuel_ccp_entrypoint/start_script.py
+++ b/fuel_ccp_entrypoint/start_script.py
@ -294,7 +294,7 @@ def create_files(files):

@retry
 def get_etcd_client():
-    if VARIABLES["security"]["tls"]["enabled"]:
+    if VARIABLES["etcd"]["tls"]["enabled"]:
        LOG.debug("TLS is enabled for etcd, using encrypted connectivity")
        scheme = "https"
        ca_cert = CACERT
@ -307,7 +307,7 @@ def get_etcd_client():
    # accessible via service due failed readiness check
    if VARIABLES["role_name"] in ["etcd", "etcd-leader-elector",
                                  "etcd-watcher"]:
-        if VARIABLES["security"]["tls"]["enabled"]:
+        if VARIABLES["etcd"]["tls"]["enabled"]:
            # If it's etcd container, connectivity goes over IP address, thus
            # TLS connection will fail. Need to reuse non-TLS
            # https://github.com/coreos/etcd/issues/4311
@ -537,7 +537,7 @@ def main():
    VARIABLES = get_variables(args.role)
    LOG.debug('Global variables:\n%s', VARIABLES)

-    if VARIABLES["security"]["tls"]["enabled"]:
+    if VARIABLES["security"]["tls"]["create_certificates"]:
        _get_ca_certificate()
    if args.action == "provision":
        do_provision(args.role)
--- a/fuel_ccp_entrypoint/tests/test_fuel_ccp_entrypoint.py
+++ b/fuel_ccp_entrypoint/tests/test_fuel_ccp_entrypoint.py
@ -195,6 +195,9 @@ class TestGetETCDClient(base.TestCase):
        start_script.VARIABLES = {
            "role_name": "etcd",
            "etcd": {
+                "tls": {
+                    "enabled": False
+                },
                "client_port": {
                    "cont": 10042
                },
@ -205,11 +208,6 @@ class TestGetETCDClient(base.TestCase):
                "private": {
                    "address": "192.0.2.1"
                }
-            },
-            "security": {
-                "tls": {
-                    "enabled": False
-                }
            }
        }
        with mock.patch("etcd.Client") as m_etcd:
@ -230,16 +228,14 @@ class TestGetETCDClient(base.TestCase):
            "namespace": "ccp",
            "cluster_domain": 'cluster.local',
            "etcd": {
+                "tls": {
+                    "enabled": False
+                },
                "client_port": {
                    "cont": 1234
                },
                "connection_attempts": 3,
                "connection_delay": 0,
-            },
-            "security": {
-                "tls": {
-                    "enabled": False
-                }
            }
        }
        with mock.patch("etcd.Client") as m_etcd:
@ -260,16 +256,14 @@ class TestGetETCDClient(base.TestCase):
            "namespace": "ccp",
            "cluster_domain": 'cluster.local',
            "etcd": {
+                "tls": {
+                    "enabled": True
+                },
                "client_port": {
                    "cont": 1234
                },
                "connection_attempts": 3,
                "connection_delay": 0,
-            },
-            "security": {
-                "tls": {
-                    "enabled": True
-                }
            }
        }
        with mock.patch("etcd.Client") as m_etcd: