def test_get_ssl_enabled_relation_certs(self, get_relation_cert_data): get_relation_cert_data.return_value = { 'cert': 'vaultcert', 'key': 'vaultkey', 'ca': 'vaultca' } self.assertEqual(ssl_utils.get_ssl_mode(), ('certs-relation', True))
def test_get_ssl_enabled_relation_certs(self, get_relation_cert_data): get_relation_cert_data.return_value = { 'cert': 'vaultcert', 'key': 'vaultkey', 'ca': 'vaultca'} self.assertEqual( ssl_utils.get_ssl_mode(), ('certs-relation', True))
def test_get_ssl_enabled_external_ca(self): test_config = { 'ssl': 'on', 'ssl_enabled': False, 'ssl_on': False, 'ssl_key': 'key1', 'ssl_cert': 'cert1' } self.config.side_effect = lambda x: test_config[x] self.assertEqual(ssl_utils.get_ssl_mode(), ('on', True))
def test_get_ssl_enabled_false(self): test_config = { 'ssl': 'on', 'ssl_enabled': False, 'ssl_on': False, 'ssl_key': None, 'ssl_cert': None } self.config.side_effect = lambda x: test_config[x] self.assertEqual(ssl_utils.get_ssl_mode(), ('on', False))
def test_get_ssl_enabled_true(self, get_relation_cert_data): get_relation_cert_data.return_value = {} test_config = { 'ssl': 'off', 'ssl_enabled': True, 'ssl_on': False, 'ssl_key': None, 'ssl_cert': None } self.config.side_effect = lambda x: test_config[x] self.assertEqual(ssl_utils.get_ssl_mode(), ('on', False))
def test_get_ssl_enabled_external_ca(self, get_relation_cert_data): get_relation_cert_data.return_value = {} test_config = { 'ssl': 'on', 'ssl_enabled': False, 'ssl_on': False, 'ssl_key': 'key1', 'ssl_cert': 'cert1' } self.config.side_effect = lambda x: test_config[x] self.assertEqual(ssl_utils.get_ssl_mode(), ('on', True))
def test_get_ssl_enabled_true(self, get_relation_cert_data): get_relation_cert_data.return_value = {} test_config = { 'ssl': 'off', 'ssl_enabled': True, 'ssl_on': False, 'ssl_key': None, 'ssl_cert': None} self.config.side_effect = lambda x: test_config[x] self.assertEqual( ssl_utils.get_ssl_mode(), ('on', False))
def test_get_ssl_enabled_external_ca(self, get_relation_cert_data): get_relation_cert_data.return_value = {} test_config = { 'ssl': 'on', 'ssl_enabled': False, 'ssl_on': False, 'ssl_key': 'key1', 'ssl_cert': 'cert1'} self.config.side_effect = lambda x: test_config[x] self.assertEqual( ssl_utils.get_ssl_mode(), ('on', True))
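Review bot: None of the `get_ssl_mode()` tests shown covers incomplete certificate material: the relation case always returns all of 'cert', 'key' and 'ca', and the config cases set `ssl_key` and `ssl_cert` either both or neither. A case with `get_relation_cert_data.return_value = {'cert': 'vaultcert'}` and one with `'ssl_key': 'key1', 'ssl_cert': None` would pin down which mode and external-CA flag come back when only part of the key pair is present. Whatever decorator supplies the `get_relation_cert_data` argument is outside the lines shown, so the patch target cannot be checked from here.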
def __call__(self): """ The legacy config support adds some additional complications. ssl_enabled = True, ssl = off -> ssl enabled ssl_enabled = False, ssl = on -> ssl enabled """ ssl_mode, external_ca = ssl_utils.get_ssl_mode() ctxt = { 'ssl_mode': ssl_mode, } if ssl_mode == 'off': close_port(config('ssl_port')) ssl_utils.reconfigure_client_ssl() return ctxt if ssl_mode == ssl_utils.CERTS_FROM_RELATION: relation_certs = ssl_utils.get_relation_cert_data() ctxt['ssl_mode'] = 'on' ssl_key = convert_from_base64(relation_certs['key']) ssl_cert = convert_from_base64(relation_certs['cert']) ssl_ca = convert_from_base64(relation_certs['ca']) ssl_port = config('ssl_port') else: ssl_key = convert_from_base64(config('ssl_key')) ssl_cert = convert_from_base64(config('ssl_cert')) ssl_ca = convert_from_base64(config('ssl_ca')) ssl_port = config('ssl_port') # If external managed certs then we need all the fields. if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and not all((ssl_key, ssl_cert))): log('If ssl_key or ssl_cert are specified both are required.', level=ERROR) sys.exit(1) if not external_ca: ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert() ctxt.update( self.enable_ssl(ssl_key, ssl_cert, ssl_port, ssl_ca, ssl_only=(ssl_mode == "only"), ssl_client=False)) ssl_utils.reconfigure_client_ssl(True) open_port(ssl_port) return ctxt
def __call__(self): """ The legacy config support adds some additional complications. ssl_enabled = True, ssl = off -> ssl enabled ssl_enabled = False, ssl = on -> ssl enabled """ ssl_mode, external_ca = ssl_utils.get_ssl_mode() ctxt = { 'ssl_mode': ssl_mode, } if ssl_mode == 'off': close_port(config('ssl_port')) ssl_utils.reconfigure_client_ssl() return ctxt if ssl_mode == ssl_utils.CERTS_FROM_RELATION: relation_certs = ssl_utils.get_relation_cert_data() ctxt['ssl_mode'] = 'on' ssl_key = convert_from_base64(relation_certs['key']) ssl_cert = convert_from_base64(relation_certs['cert']) ssl_ca = convert_from_base64(relation_certs['ca']) ssl_port = config('ssl_port') else: ssl_key = convert_from_base64(config('ssl_key')) ssl_cert = convert_from_base64(config('ssl_cert')) ssl_ca = convert_from_base64(config('ssl_ca')) ssl_port = config('ssl_port') # If external managed certs then we need all the fields. if (ssl_mode in ('on', 'only') and any((ssl_key, ssl_cert)) and not all((ssl_key, ssl_cert))): log('If ssl_key or ssl_cert are specified both are required.', level=ERROR) sys.exit(1) if not external_ca: ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert() ctxt.update(self.enable_ssl( ssl_key, ssl_cert, ssl_port, ssl_ca, ssl_only=(ssl_mode == "only"), ssl_client=False )) ssl_utils.reconfigure_client_ssl(True) open_port(ssl_port) return ctxt
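Review bot: In the `ssl_utils.CERTS_FROM_RELATION` branch, `relation_certs['key']`, `['cert']` and `['ca']` are indexed directly, and the "both are required" check further down does not apply to that branch because the local `ssl_mode` keeps the relation value (only `ctxt['ssl_mode']` is set to 'on'). If `get_ssl_mode()` can report relation mode before all three fields are published, which is not visible here, the call fails with a KeyError instead of the logged error the config path gets. A guard such as `if not all(relation_certs.get(k) for k in ('key', 'cert', 'ca')):` followed by the same `log(..., level=ERROR)` and exit would make both paths fail the same way, before `enable_ssl` and `open_port(ssl_port)` are reached. As a smaller style point, `ssl_port = config('ssl_port')` is assigned identically in both branches and could be set once above the `if`.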