def test_reconfigure_client_ssl_no_ssl(self, relation_set,
                                       configure_client_ssl, relation_get,
                                       relation_ids, local_unit):
    """Check that disabling SSL blanks the ssl_* settings on the relation.

    ``relation_get`` is stubbed to return a leftover ``ssl_key`` value, and
    the test expects ``reconfigure_client_ssl(ssl_enabled=False)`` to call
    ``relation_set`` with all four ssl_* fields set to the empty string.
    """
    relation_get.return_value = {'ssl_key': 'aa'}
    relation_ids.return_value = ['rel1']

    ssl_utils.reconfigure_client_ssl(ssl_enabled=False)

    # assert_called_with only inspects the most recent relation_set call.
    cleared = dict.fromkeys(('ssl_ca', 'ssl_cert', 'ssl_key', 'ssl_port'), '')
    relation_set.assert_called_with(relation_id='rel1', **cleared)
 def test_reconfigure_client_ssl_no_ssl(self, relation_set,
                                        configure_client_ssl, relation_get,
                                        relation_ids, local_unit):
     """Turning SSL off must publish empty ssl_* values on relation 'rel1'.

     The stubbed relation data still holds an ``ssl_key`` entry; the
     assertion pins that the last ``relation_set`` call clears ssl_ca,
     ssl_cert, ssl_key and ssl_port together.
     """
     relation_ids.return_value = ['rel1']
     relation_get.return_value = {'ssl_key': 'aa'}
     ssl_utils.reconfigure_client_ssl(ssl_enabled=False)
     expected_kwargs = {
         'relation_id': 'rel1',
         'ssl_ca': '',
         'ssl_cert': '',
         'ssl_key': '',
         'ssl_port': '',
     }
     relation_set.assert_called_with(**expected_kwargs)
Ejemplo n.º 3
    def __call__(self):
        """Build the SSL context and open or close the SSL port to match.

        The legacy config support adds some additional complications.

        ssl_enabled = True, ssl = off -> ssl enabled
        ssl_enabled = False, ssl = on -> ssl enabled

        Returns:
            A dict holding 'ssl_mode' and, unless the mode is 'off', the
            entries returned by ``self.enable_ssl``.
        """
        mode, has_external_ca = ssl_utils.get_ssl_mode()
        context = {'ssl_mode': mode}

        if mode == 'off':
            # Close the port first, then re-run the client SSL configuration
            # with its default arguments.
            close_port(config('ssl_port'))
            ssl_utils.reconfigure_client_ssl()
            return context

        if mode == ssl_utils.CERTS_FROM_RELATION:
            certs = ssl_utils.get_relation_cert_data()
            # Relation-provided certificates are reported as plain 'on'.
            context['ssl_mode'] = 'on'
            # NOTE(review): a missing 'key', 'cert' or 'ca' entry raises
            # KeyError here - confirm get_relation_cert_data() always
            # supplies all three.
            key = convert_from_base64(certs['key'])
            cert = convert_from_base64(certs['cert'])
            ca = convert_from_base64(certs['ca'])
            port = config('ssl_port')
        else:
            key = convert_from_base64(config('ssl_key'))
            cert = convert_from_base64(config('ssl_cert'))
            ca = convert_from_base64(config('ssl_ca'))
            port = config('ssl_port')

            # If external managed certs then we need all the fields.
            # Only a half-set key/cert pair is rejected; both empty passes.
            if mode in ('on', 'only') and bool(key) != bool(cert):
                log('If ssl_key or ssl_cert are specified both are required.',
                    level=ERROR)
                sys.exit(1)

            if not has_external_ca:
                # The configured values are replaced by the service CA's
                # material; note the (cert, key, ca) return order.
                cert, key, ca = ServiceCA.get_service_cert()

        # NOTE(review): `key` is presumably private-key material - confirm
        # enable_ssl() keeps it out of logs and out of the returned context.
        ssl_settings = self.enable_ssl(key,
                                       cert,
                                       port,
                                       ca,
                                       ssl_only=(mode == "only"),
                                       ssl_client=False)
        context.update(ssl_settings)
        ssl_utils.reconfigure_client_ssl(True)
        open_port(port)

        return context
    def __call__(self):
        """Return the SSL context after applying the configured SSL mode.

        The legacy config support adds some additional complications.

        ssl_enabled = True, ssl = off -> ssl enabled
        ssl_enabled = False, ssl = on -> ssl enabled

        With mode 'off' the SSL port is closed and only 'ssl_mode' is
        returned; otherwise the result of ``self.enable_ssl`` is merged in
        and the SSL port is opened.
        """
        ssl_mode, external_ca = ssl_utils.get_ssl_mode()
        ctxt = {'ssl_mode': ssl_mode}

        if ssl_mode == 'off':
            close_port(config('ssl_port'))
            ssl_utils.reconfigure_client_ssl()
            return ctxt

        from_relation = ssl_mode == ssl_utils.CERTS_FROM_RELATION
        if from_relation:
            relation_certs = ssl_utils.get_relation_cert_data()
            ctxt['ssl_mode'] = 'on'
            # Decoded in key, cert, ca order; a missing entry is a KeyError.
            ssl_key, ssl_cert, ssl_ca = (
                convert_from_base64(relation_certs[field])
                for field in ('key', 'cert', 'ca')
            )
            ssl_port = config('ssl_port')
        else:
            ssl_key, ssl_cert, ssl_ca = (
                convert_from_base64(config(option))
                for option in ('ssl_key', 'ssl_cert', 'ssl_ca')
            )
            ssl_port = config('ssl_port')

            # If external managed certs then we need all the fields.
            if ssl_mode in ('on', 'only'):
                provided = [bool(ssl_key), bool(ssl_cert)]
                if any(provided) and not all(provided):
                    log('If ssl_key or ssl_cert are specified both are '
                        'required.',
                        level=ERROR)
                    sys.exit(1)
            # NOTE(review): an external CA with both key and cert empty is
            # not rejected above - presumably get_ssl_mode() only reports
            # external_ca when they are set; confirm.

            if not external_ca:
                # Falls back to the service CA, discarding the config values.
                ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()

        ssl_only = ssl_mode == "only"
        # NOTE(review): ssl_key looks like the server private key - verify
        # enable_ssl() does not log it or return it in the context.
        ctxt.update(self.enable_ssl(
            ssl_key, ssl_cert, ssl_port, ssl_ca,
            ssl_only=ssl_only, ssl_client=False
        ))
        ssl_utils.reconfigure_client_ssl(True)
        open_port(ssl_port)

        return ctxt
Ejemplo n.º 5
 def test_reconfigure_client_ssl(self, relation_set, configure_client_ssl,
                                 relation_get, relation_ids, local_unit):
     """With SSL enabled, configure_client_ssl is handed the relation data.

     ``relation_get`` is stubbed to return an empty dict, and the last
     ``configure_client_ssl`` call is expected to receive an empty dict.
     """
     relation_get.return_value = {}
     relation_ids.return_value = ['rel1']

     ssl_utils.reconfigure_client_ssl(ssl_enabled=True)

     # A fresh literal is used so the check does not alias the stubbed dict.
     configure_client_ssl.assert_called_with({})
 def test_reconfigure_client_ssl(self, relation_set, configure_client_ssl,
                                 relation_get, relation_ids, local_unit):
     """Enabling SSL must end in a configure_client_ssl({}) call.

     One relation id ('rel1') is stubbed and its relation data is empty.
     """
     relation_ids.return_value = list(('rel1',))
     relation_get.return_value = dict()
     ssl_utils.reconfigure_client_ssl(ssl_enabled=True)
     expected_settings = {}
     configure_client_ssl.assert_called_with(expected_settings)