def test_reconfigure_client_ssl_no_ssl(self, relation_set,
                                       configure_client_ssl, relation_get,
                                       relation_ids, local_unit):
    """Disabling SSL blanks the SSL fields already published on a relation.

    The relation data returned by ``relation_get`` still carries an
    ``ssl_key`` entry, so calling ``reconfigure_client_ssl`` with
    ``ssl_enabled=False`` is expected to overwrite every SSL field,
    the key included, with an empty string.

    The mock arguments are presumably injected by patch decorators that
    are not visible here.
    """
    # Arrange: one relation whose data still holds SSL material.
    relation_ids.return_value = ['rel1']
    relation_get.return_value = {'ssl_key': 'aa'}

    # Act
    ssl_utils.reconfigure_client_ssl(ssl_enabled=False)

    # Assert: assert_called_with() only inspects the most recent call,
    # which is sufficient here because a single relation id is returned.
    blanked_fields = dict(ssl_ca='', ssl_cert='', ssl_key='', ssl_port='')
    relation_set.assert_called_with(relation_id='rel1', **blanked_fields)
def test_reconfigure_client_ssl_no_ssl(self, relation_set,
                                       configure_client_ssl, relation_get,
                                       relation_ids, local_unit):
    """Check that turning SSL off clears stale SSL data from the relation.

    ``relation_get`` reports an ``ssl_key`` left over on the relation;
    with ``ssl_enabled=False`` the code under test must reset ``ssl_ca``,
    ``ssl_cert``, ``ssl_key`` and ``ssl_port`` to empty strings so that
    no key material stays published.

    The mock arguments are presumably supplied by patch decorators
    outside this view.
    """
    relation_ids.return_value = ['rel1']
    stale_rdata = {'ssl_key': 'aa'}
    relation_get.return_value = stale_rdata

    ssl_utils.reconfigure_client_ssl(ssl_enabled=False)

    # Only the last relation_set() call is checked; with one relation id
    # that is the call of interest.
    relation_set.assert_called_with(
        relation_id='rel1',
        ssl_ca='',
        ssl_cert='',
        ssl_key='',
        ssl_port='',
    )
def __call__(self):
    """Build the SSL context and apply the matching port/relation changes.

    The legacy config support adds some additional complications.

    ssl_enabled = True, ssl = off -> ssl enabled
    ssl_enabled = False, ssl = on -> ssl enabled

    The effective mode comes from ``ssl_utils.get_ssl_mode()``.

    Returns:
        dict: always contains ``'ssl_mode'``; when SSL is active it is
        extended with whatever ``self.enable_ssl()`` returns.

    Exits the process with status 1 when the mode is ``'on'`` or
    ``'only'`` and exactly one of key/cert was supplied.
    """
    ssl_mode, external_ca = ssl_utils.get_ssl_mode()
    ctxt = {'ssl_mode': ssl_mode}

    # SSL disabled: close the listener port and let the client relations
    # be reconfigured with the default (disabled) setting.
    if ssl_mode == 'off':
        close_port(config('ssl_port'))
        ssl_utils.reconfigure_client_ssl()
        return ctxt

    if ssl_mode == ssl_utils.CERTS_FROM_RELATION:
        relation_certs = ssl_utils.get_relation_cert_data()
        # Templates see plain 'on'; the local ssl_mode keeps its value.
        ctxt['ssl_mode'] = 'on'
        ssl_key, ssl_cert, ssl_ca = (
            convert_from_base64(relation_certs[field])
            for field in ('key', 'cert', 'ca'))
    else:
        ssl_key, ssl_cert, ssl_ca = (
            convert_from_base64(config(option))
            for option in ('ssl_key', 'ssl_cert', 'ssl_ca'))
    ssl_port = config('ssl_port')

    # If external managed certs then we need all the fields.
    # NOTE(review): this guard is keyed on the literal modes 'on'/'only';
    # whether relation-supplied material is covered depends on the value
    # of ssl_utils.CERTS_FROM_RELATION - confirm.
    if ssl_mode in ('on', 'only') and bool(ssl_key) != bool(ssl_cert):
        # The message names the options only; key/cert values are not
        # written to the log.
        log('If ssl_key or ssl_cert are specified both are required.',
            level=ERROR)
        sys.exit(1)

    # Without an external CA, all three values gathered above are
    # replaced by the ones ServiceCA hands out.
    if not external_ca:
        ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()

    ssl_ctxt = self.enable_ssl(ssl_key, ssl_cert, ssl_port, ssl_ca,
                               ssl_only=(ssl_mode == "only"),
                               ssl_client=False)
    ctxt.update(ssl_ctxt)

    ssl_utils.reconfigure_client_ssl(True)
    # The port is opened only after enable_ssl() has returned.
    open_port(ssl_port)
    return ctxt
def __call__(self):
    """Assemble the SSL context and open or close the SSL port to match.

    The legacy config support adds some additional complications.

    ssl_enabled = True, ssl = off -> ssl enabled
    ssl_enabled = False, ssl = on -> ssl enabled

    ``ssl_utils.get_ssl_mode()`` supplies the effective mode together
    with a flag saying whether an external CA is in use.

    Returns:
        dict: ``{'ssl_mode': ...}``, merged with the result of
        ``self.enable_ssl()`` whenever SSL is not off.

    Terminates via ``sys.exit(1)`` if, in mode ``'on'`` or ``'only'``,
    just one of key/cert is present.
    """
    ssl_mode, external_ca = ssl_utils.get_ssl_mode()
    ctxt = {'ssl_mode': ssl_mode}

    if ssl_mode == 'off':
        # Nothing to serve over TLS: close the port, reset the clients.
        close_port(config('ssl_port'))
        ssl_utils.reconfigure_client_ssl()
        return ctxt

    from_relation = ssl_mode == ssl_utils.CERTS_FROM_RELATION
    if from_relation:
        relation_certs = ssl_utils.get_relation_cert_data()
        # Only the context is rewritten to 'on'; ssl_mode is unchanged.
        ctxt['ssl_mode'] = 'on'
        ssl_key, ssl_cert, ssl_ca = [
            convert_from_base64(relation_certs[name])
            for name in ('key', 'cert', 'ca')]
    else:
        ssl_key, ssl_cert, ssl_ca = [
            convert_from_base64(config(name))
            for name in ('ssl_key', 'ssl_cert', 'ssl_ca')]
    ssl_port = config('ssl_port')

    # If external managed certs then we need all the fields.
    # NOTE(review): only the literal modes 'on' and 'only' reach this
    # check; confirm whether certificates taken from the relation are
    # meant to be validated the same way.
    key_without_cert_or_vice_versa = bool(ssl_key) != bool(ssl_cert)
    if ssl_mode in ('on', 'only') and key_without_cert_or_vice_versa:
        # Logs option names only, never the key or certificate contents.
        log('If ssl_key or ssl_cert are specified both are required.',
            level=ERROR)
        sys.exit(1)

    if not external_ca:
        # Everything read above is discarded in favour of the
        # certificate, key and CA returned by ServiceCA.
        ssl_cert, ssl_key, ssl_ca = ServiceCA.get_service_cert()

    enabled_ctxt = self.enable_ssl(
        ssl_key, ssl_cert, ssl_port, ssl_ca,
        ssl_only=(ssl_mode == "only"),
        ssl_client=False,
    )
    ctxt.update(enabled_ctxt)

    ssl_utils.reconfigure_client_ssl(True)
    # Expose the port last, once the SSL configuration call has returned.
    open_port(ssl_port)
    return ctxt
def test_reconfigure_client_ssl(self, relation_set, configure_client_ssl,
                                relation_get, relation_ids, local_unit):
    """Enabling SSL configures a relation that has no SSL data yet.

    ``relation_get`` returns an empty dict, so with ``ssl_enabled=True``
    the code under test is expected to pass that relation data to
    ``configure_client_ssl``.

    The mock arguments are presumably injected by patch decorators that
    are not visible here.
    """
    # Arrange: one relation, nothing published on it.
    relation_ids.return_value = ['rel1']
    relation_get.return_value = {}

    # Act
    ssl_utils.reconfigure_client_ssl(ssl_enabled=True)

    # Assert: compared by equality against the last recorded call.
    # NOTE(review): what ends up in relation_set() is not asserted here.
    configure_client_ssl.assert_called_with({})
def test_reconfigure_client_ssl(self, relation_set, configure_client_ssl,
                                relation_get, relation_ids, local_unit):
    """Check that SSL is pushed to a relation lacking any SSL settings.

    With ``ssl_enabled=True`` and empty relation data,
    ``configure_client_ssl`` must be invoked with that (empty) data.

    The mock arguments are presumably supplied by patch decorators
    outside this view.
    """
    relation_ids.return_value = ['rel1']
    no_ssl_rdata = {}
    relation_get.return_value = no_ssl_rdata

    ssl_utils.reconfigure_client_ssl(ssl_enabled=True)

    # The expectation is a fresh literal so the check is by value only.
    # NOTE(review): the relation_set() call, if any, is not verified.
    configure_client_ssl.assert_called_with({})