Juju Charms Collection
openstack-dashboard package

Merge lp:~cbjchen/charms/trusty/openstack-dashboard/enforce-ssl into lp:~openstack-charmers-archive/charms/trusty/openstack-dashboard/next

  1. Trusty Tahr (14.04)
  2. enforce-ssl
  3. Merge into next
Proposed by Liang Chen
Status: Needs review
Proposed branch: lp:~cbjchen/charms/trusty/openstack-dashboard/enforce-ssl
Merge into: lp:~openstack-charmers-archive/charms/trusty/openstack-dashboard/next
Diff against target: 95 lines (+35/-1) (has conflicts)
4 files modified
config.yaml (+9/-0)
hooks/horizon_contexts.py (+11/-0)
templates/default (+5/-0)
unit_tests/test_horizon_contexts.py (+10/-1)
Text conflict in config.yaml
To merge this branch: bzr merge lp:~cbjchen/charms/trusty/openstack-dashboard/enforce-ssl
Reviewer Review Type Date Requested Status
James Page Disapprove
Jonathan Davies Pending
Review via email: mp+292344@code.launchpad.net

This proposal supersedes a proposal from 2015-04-02.

Description of the change

Adding a enforce-ssl config option to enforce a redirection of port 80 to 443.

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #3079 openstack-dashboard-next for cbjchen mp255156
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/3079/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #2867 openstack-dashboard-next for cbjchen mp255156
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2867/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #2897 openstack-dashboard-next for cbjchen mp255156
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/10757814/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2897/

Revision history for this message
Jonathan Davies (jpds) wrote : Posted in a previous version of this proposal

HTTPS is on 443 (and the number might not even be necessary with https://).

review: Needs Fixing
Revision history for this message
Liang Chen (cbjchen) wrote : Posted in a previous version of this proposal

Jonathan,

Thanks a lot! 433 would skip haproxy and directly hit apache. I will re-submit the patch.

Thanks,
Liang

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #3110 openstack-dashboard-next for cbjchen mp255156
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/3110/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #2898 openstack-dashboard-next for cbjchen mp255156
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2898/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #2943 openstack-dashboard-next for cbjchen mp255156
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/10767172/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2943/

Revision history for this message
James Page (james-page) wrote : Posted in a previous version of this proposal

Hi Liang

This generally looks OK - a couple of minor comments on the change below.

I had a merge conflict when I reviewed - please can you rebase again.

I'd also like to see some unit tests to exercise this configuration option before we land it.

review: Needs Fixing
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #3602 openstack-dashboard-next for cbjchen mp255156
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/3602/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #3815 openstack-dashboard-next for cbjchen mp255156
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/3815/

Revision history for this message
Liang Chen (cbjchen) wrote : Posted in a previous version of this proposal

Hi James,

Thanks for the review. I rebased the patch and added unit test for the new config option. Please take a look. Thank you!

Thanks,
Liang

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #4236 openstack-dashboard-next for cbjchen mp255156
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/10965099/
Build: http://10.245.162.77:8080/job/charm_lint_check/4236/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #4252 openstack-dashboard-next for cbjchen mp255156
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/4252/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #3978 openstack-dashboard-next for cbjchen mp255156
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/3978/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_lint_check #11086 openstack-dashboard-next for cbjchen mp255156
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/11086/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_unit_test #10293 openstack-dashboard-next for cbjchen mp255156
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/10293/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #6893 openstack-dashboard-next for cbjchen mp255156
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/12625367/
Build: http://10.245.162.77:8080/job/charm_amulet_test/6893/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #6931 openstack-dashboard-next for cbjchen mp255156
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/6931/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote : Posted in a previous version of this proposal

charm_amulet_test #7029 openstack-dashboard-next for cbjchen mp255156
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/7029/

Revision history for this message
James Page (james-page) wrote :

Hi

OpenStack Charm development is no longer hosted on launchpad; please read

  https://github.com/openstack-charmers/openstack-community/blob/master/README.dev-charms.md

and re-target your changes to the appropriate locations!

Thanks!

review: Disapprove
Reply

Unmerged revisions

90. By lchen <<email address hidden>@canonical.com>

  Add enfore-ssl config option

  Add an enforce-ssl config option to redirect 80
  port traffic to 433

  [cbjchen,r=]

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2016-02-18 13:52:53 +0000
3+++ config.yaml 2016-04-20 07:12:26 +0000
4@@ -193,6 +193,7 @@
5 wait for you to execute the openstack-upgrade action for this charm on
6 each unit. If False it will revert to existing behavior of upgrading
7 all units on config change.
8+<<<<<<< TREE
9 haproxy-server-timeout:
10 type: int
11 default:
12@@ -217,3 +218,11 @@
13 description: |
14 Connect timeout configuration in ms for haproxy, used in HA
15 configurations. If not provided, default value of 5000ms is used.
16+=======
17+ enforce-ssl:
18+ type: boolean
19+ default: False
20+ description: |
21+ If True redirects plain http request to https port
22+
23+>>>>>>> MERGE-SOURCE
24
25=== modified file 'hooks/horizon_contexts.py'
26--- hooks/horizon_contexts.py 2016-02-18 15:13:57 +0000
27+++ hooks/horizon_contexts.py 2016-04-20 07:12:26 +0000
28@@ -14,6 +14,7 @@
29 HAProxyContext,
30 context_complete
31 )
32+from charmhelpers.contrib.openstack.utils import get_host_ip
33 from charmhelpers.contrib.hahelpers.apache import (
34 get_ca_cert,
35 get_cert,
36@@ -174,6 +175,16 @@
37 'http_port': 70,
38 'https_port': 433
39 }
40+ if config('enforce-ssl'):
41+ if config('vip'):
42+ addr = config('vip')
43+ elif config('prefer-ipv6'):
44+ addr = get_ipv6_addr()[0]
45+ else:
46+ addr = get_host_ip(unit_get('private-address'))
47+ ctxt['addr'] = addr
48+ ctxt['enforce_ssl'] = True
49+
50 return ctxt
51
52
53
54=== modified file 'templates/default'
55--- templates/default 2013-07-15 16:25:46 +0000
56+++ templates/default 2016-04-20 07:12:26 +0000
57@@ -1,4 +1,9 @@
58 <VirtualHost *:{{ http_port }}>
59+
60+ {% if enforce_ssl %}
61+ RedirectPermanent / https://{{ addr }}:443/
62+ {% endif %}
63+
64 ServerAdmin webmaster@localhost
65
66 DocumentRoot /var/www
67
68=== modified file 'unit_tests/test_horizon_contexts.py'
69--- unit_tests/test_horizon_contexts.py 2015-10-10 23:38:28 +0000
70+++ unit_tests/test_horizon_contexts.py 2016-04-20 07:12:26 +0000
71@@ -17,7 +17,8 @@
72 'context_complete',
73 'local_unit',
74 'unit_get',
75- 'pwgen'
76+ 'pwgen',
77+ 'get_host_ip'
78 ]
79
80
81@@ -50,6 +51,14 @@
82 self.assertEquals(horizon_contexts.ApacheContext()(),
83 {'http_port': 70, 'https_port': 433})
84
85+ def test_Apachecontext_enforce_ssl(self):
86+ self.test_config.set('enforce-ssl', True)
87+ self.get_host_ip.return_value = '10.0.0.1'
88+ self.assertEqual(horizon_contexts.ApacheContext()(),
89+ {'http_port': 70, 'https_port': 433,
90+ 'enforce_ssl': True,
91+ 'addr': '10.0.0.1'})
92+
93 @patch.object(horizon_contexts, 'get_ca_cert', lambda: None)
94 @patch('os.chmod')
95 def test_ApacheSSLContext_enabled(self, _chmod):

Subscribers

People subscribed via source and target branches