Merge lp:~frankban/charms/precise/juju-gui/bug-1092515-certificates into lp:~juju-gui/charms/precise/juju-gui/trunk
- Precise Pangolin (12.04)
- bug-1092515-certificates
- Merge into trunk
Status: | Merged |
---|---|
Merged at revision: | 19 |
Proposed branch: | lp:~frankban/charms/precise/juju-gui/bug-1092515-certificates |
Merge into: | lp:~juju-gui/charms/precise/juju-gui/trunk |
Diff against target: |
283 lines (+94/-24) 7 files modified
config.yaml (+12/-0) config/nginx.conf.template (+2/-2) hooks/config-changed (+13/-4) hooks/install (+5/-1) hooks/start (+3/-1) hooks/utils.py (+30/-14) tests/test_utils.py (+29/-2) |
To merge this branch: | bzr merge lp:~frankban/charms/precise/juju-gui/bug-1092515-certificates |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Juju GUI Hackers | Pending | ||
Review via email: mp+141105@code.launchpad.net |
Commit message
Description of the change
Allow using an own SSL cert and private key.
Added two new config options, one for the certificate, one
for the private key. If they are both provided, they are used
by nginx, otherwise, a new certificate is automatically
generated.
Fixed a pre-existent bug: even if you can specify the
directory where to store the certificates, this path
was not used by nginx, because an hardcoded one was
present in the configuration file.
Improved how ssl options are handled in config-changes.
If the SSL path is changed using 'juju set', now that
change is reflected in the nginx config file, and the
service correctly restarted.
Added tests for the process of saving or generating SSL
certificates.
Some code clean up.
Please note that all the SSL stuff is still
disabled/commented.
Francesco Banconi (frankban) wrote : | # |
Francesco Banconi (frankban) wrote : | # |
Please take a look.
Nicola Larosa (teknico) wrote : | # |
Madison Scott-Clary (makyo) wrote : | # |
Gary Poster (gary) wrote : | # |
I'm distracted that I can't run the tests successfully--part of the
problem was that a new d3 release broke our build, and I asked bac to
fix that with a better package spec--but this looks good and should
land. Thank you!
Gary
Francesco Banconi (frankban) wrote : | # |
*** Submitted:
Allow using an own SSL cert and private key.
Added two new config options, one for the certificate, one
for the private key. If they are both provided, they are used
by nginx, otherwise, a new certificate is automatically
generated.
Fixed a pre-existent bug: even if you can specify the
directory where to store the certificates, this path
was not used by nginx, because an hardcoded one was
present in the configuration file.
Improved how ssl options are handled in config-changes.
If the SSL path is changed using 'juju set', now that
change is reflected in the nginx config file, and the
service correctly restarted.
Added tests for the process of saving or generating SSL
certificates.
Some code clean up.
Please note that all the SSL stuff is still
disabled/commented.
R=teknico, matthew.scott, gary.poster
CC=
https:/
Kapil Thangavelu (hazmat) wrote : | # |
fwiw, jujucharms.com supports ssl
On Sat, Dec 22, 2012 at 4:55 AM, Francesco Banconi <
<email address hidden>> wrote:
> *** Submitted:
>
> Allow using an own SSL cert and private key.
>
> Added two new config options, one for the certificate, one
> for the private key. If they are both provided, they are used
> by nginx, otherwise, a new certificate is automatically
> generated.
>
> Fixed a pre-existent bug: even if you can specify the
> directory where to store the certificates, this path
> was not used by nginx, because an hardcoded one was
> present in the configuration file.
>
> Improved how ssl options are handled in config-changes.
> If the SSL path is changed using 'juju set', now that
> change is reflected in the nginx config file, and the
> service correctly restarted.
>
> Added tests for the process of saving or generating SSL
> certificates.
>
> Some code clean up.
>
> Please note that all the SSL stuff is still
> disabled/commented.
>
> R=teknico, matthew.scott, gary.poster
> CC=
> https:/
>
>
> https:/
>
> --
>
> https:/
> Your team Juju GUI Hackers is requested to review the proposed merge of
> lp:~frankban/charms/precise/juju-gui/bug-1092515-certificates into
> lp:~juju-gui/charms/precise/juju-gui/trunk.
>
Preview Diff
1 | === modified file 'config.yaml' | |||
2 | --- config.yaml 2012-12-20 14:56:29 +0000 | |||
3 | +++ config.yaml 2012-12-21 17:47:23 +0000 | |||
4 | @@ -51,3 +51,15 @@ | |||
5 | 51 | The path to the directory where the SSL certificates are stored. | 51 | The path to the directory where the SSL certificates are stored. |
6 | 52 | type: string | 52 | type: string |
7 | 53 | default: /etc/ssl/private/juju-gui | 53 | default: /etc/ssl/private/juju-gui |
8 | 54 | ssl-cert-contents: | ||
9 | 55 | description: | | ||
10 | 56 | The contents of the certificate file to be used in SSL connections to | ||
11 | 57 | the GUI. Both ssl-cert-contents and ssl-key-contents must be provided. | ||
12 | 58 | If not, cetificates will be automatically generated. | ||
13 | 59 | type: string | ||
14 | 60 | ssl-key-contents: | ||
15 | 61 | description: | | ||
16 | 62 | The contents of the private key file to be used in SSL connections to | ||
17 | 63 | the GUI. Both ssl-cert-contents and ssl-key-contents must be provided. | ||
18 | 64 | If not, cetificates will be automatically generated. | ||
19 | 65 | type: string | ||
20 | 54 | 66 | ||
21 | === modified file 'config/nginx.conf.template' | |||
22 | --- config/nginx.conf.template 2012-12-20 18:02:44 +0000 | |||
23 | +++ config/nginx.conf.template 2012-12-21 17:47:23 +0000 | |||
24 | @@ -13,8 +13,8 @@ | |||
25 | 13 | root %(server_root)s; | 13 | root %(server_root)s; |
26 | 14 | index index.html; | 14 | index index.html; |
27 | 15 | # Uncomment to switch back to TLS connections. | 15 | # Uncomment to switch back to TLS connections. |
30 | 16 | # ssl_certificate /etc/ssl/private/juju-gui/server.pem; | 16 | # ssl_certificate %(ssl_cert_path)s/server.pem; |
31 | 17 | # ssl_certificate_key /etc/ssl/private/juju-gui/server.key; | 17 | # ssl_certificate_key %(ssl_cert_path)s/server.key; |
32 | 18 | 18 | ||
33 | 19 | # Serve static assets. | 19 | # Serve static assets. |
34 | 20 | location ^~ /juju-ui/ { | 20 | location ^~ /juju-ui/ { |
35 | 21 | 21 | ||
36 | === modified file 'hooks/config-changed' | |||
37 | --- hooks/config-changed 2012-12-20 14:56:29 +0000 | |||
38 | +++ hooks/config-changed 2012-12-21 17:47:23 +0000 | |||
39 | @@ -27,8 +27,8 @@ | |||
40 | 27 | fetch_gui, | 27 | fetch_gui, |
41 | 28 | GUI, | 28 | GUI, |
42 | 29 | IMPROV, | 29 | IMPROV, |
43 | 30 | save_or_create_certificates, | ||
44 | 30 | setup_gui, | 31 | setup_gui, |
45 | 31 | setup_nginx, | ||
46 | 32 | start_agent, | 32 | start_agent, |
47 | 33 | start_gui, | 33 | start_gui, |
48 | 34 | start_improv, | 34 | start_improv, |
49 | @@ -55,11 +55,18 @@ | |||
50 | 55 | release_tarball = fetch_gui( | 55 | release_tarball = fetch_gui( |
51 | 56 | config['juju-gui-source'], config['command-log-file']) | 56 | config['juju-gui-source'], config['command-log-file']) |
52 | 57 | setup_gui(release_tarball) | 57 | setup_gui(release_tarball) |
53 | 58 | setup_nginx(config['ssl-cert-path']) | ||
54 | 59 | if 'juju-api-branch' in added_or_changed: | 58 | if 'juju-api-branch' in added_or_changed: |
55 | 60 | juju_api_branch_changed = True | 59 | juju_api_branch_changed = True |
56 | 61 | fetch_api(config['juju-api-branch']) | 60 | fetch_api(config['juju-api-branch']) |
57 | 62 | 61 | ||
58 | 62 | # Handle changes to SSL certificates. | ||
59 | 63 | ssl_properties = set( | ||
60 | 64 | ['ssl-cert-path', 'ssl-cert-contents', 'ssl-key-contents']) | ||
61 | 65 | if added_or_changed & ssl_properties: | ||
62 | 66 | save_or_create_certificates( | ||
63 | 67 | config['ssl-cert-path'], config.get('ssl-cert-contents'), | ||
64 | 68 | config.get('ssl-key-contents')) | ||
65 | 69 | |||
66 | 63 | # Handle changes to the improv server configuration. | 70 | # Handle changes to the improv server configuration. |
67 | 64 | if staging: | 71 | if staging: |
68 | 65 | staging_properties = set( | 72 | staging_properties = set( |
69 | @@ -99,11 +106,13 @@ | |||
70 | 99 | gui_properties = set( | 106 | gui_properties = set( |
71 | 100 | ['juju-gui-console-enabled', 'juju-api-port', 'staging']) | 107 | ['juju-gui-console-enabled', 'juju-api-port', 'staging']) |
72 | 101 | gui_changed = added_or_changed & gui_properties | 108 | gui_changed = added_or_changed & gui_properties |
74 | 102 | if gui_changed or juju_gui_source_changed: | 109 | ssl_cert_path_changed = 'ssl-cert-path' in added_or_changed |
75 | 110 | if gui_changed or juju_gui_source_changed or ssl_cert_path_changed: | ||
76 | 103 | with su('root'): | 111 | with su('root'): |
77 | 104 | service_control(GUI, STOP) | 112 | service_control(GUI, STOP) |
78 | 105 | console_enabled = config.get('juju-gui-console-enabled') | 113 | console_enabled = config.get('juju-gui-console-enabled') |
80 | 106 | start_gui(juju_api_port, console_enabled, staging) | 114 | ssl_cert_path = config['ssl-cert-path'] |
81 | 115 | start_gui(juju_api_port, console_enabled, staging, ssl_cert_path) | ||
82 | 107 | 116 | ||
83 | 108 | 117 | ||
84 | 109 | def main(): | 118 | def main(): |
85 | 110 | 119 | ||
86 | === modified file 'hooks/install' | |||
87 | --- hooks/install 2012-12-20 14:56:29 +0000 | |||
88 | +++ hooks/install 2012-12-21 17:47:23 +0000 | |||
89 | @@ -28,6 +28,7 @@ | |||
90 | 28 | config_json, | 28 | config_json, |
91 | 29 | fetch_api, | 29 | fetch_api, |
92 | 30 | fetch_gui, | 30 | fetch_gui, |
93 | 31 | save_or_create_certificates, | ||
94 | 31 | setup_gui, | 32 | setup_gui, |
95 | 32 | setup_nginx, | 33 | setup_nginx, |
96 | 33 | ) | 34 | ) |
97 | @@ -51,7 +52,10 @@ | |||
98 | 51 | release_tarball = fetch_gui( | 52 | release_tarball = fetch_gui( |
99 | 52 | config['juju-gui-source'], config['command-log-file']) | 53 | config['juju-gui-source'], config['command-log-file']) |
100 | 53 | setup_gui(release_tarball) | 54 | setup_gui(release_tarball) |
102 | 54 | setup_nginx(config['ssl-cert-path']) | 55 | setup_nginx() |
103 | 56 | save_or_create_certificates( | ||
104 | 57 | config['ssl-cert-path'], config.get('ssl-cert-contents'), | ||
105 | 58 | config.get('ssl-key-contents')) | ||
106 | 55 | fetch_api(config['juju-api-branch']) | 59 | fetch_api(config['juju-api-branch']) |
107 | 56 | config_json.set(config) | 60 | config_json.set(config) |
108 | 57 | 61 | ||
109 | 58 | 62 | ||
110 | === modified file 'hooks/start' | |||
111 | --- hooks/start 2012-12-20 18:02:44 +0000 | |||
112 | +++ hooks/start 2012-12-21 17:47:23 +0000 | |||
113 | @@ -31,7 +31,9 @@ | |||
114 | 31 | config = get_config() | 31 | config = get_config() |
115 | 32 | juju_api_port = config['juju-api-port'] | 32 | juju_api_port = config['juju-api-port'] |
116 | 33 | staging = config.get('staging') | 33 | staging = config.get('staging') |
118 | 34 | start_gui(juju_api_port, config['juju-gui-console-enabled'], staging) | 34 | start_gui( |
119 | 35 | juju_api_port, config['juju-gui-console-enabled'], staging, | ||
120 | 36 | config['ssl-cert-path']) | ||
121 | 35 | if staging: | 37 | if staging: |
122 | 36 | start_improv(juju_api_port, config['staging-environment']) | 38 | start_improv(juju_api_port, config['staging-environment']) |
123 | 37 | else: | 39 | else: |
124 | 38 | 40 | ||
125 | === modified file 'hooks/utils.py' | |||
126 | --- hooks/utils.py 2012-12-20 14:56:29 +0000 | |||
127 | +++ hooks/utils.py 2012-12-21 17:47:23 +0000 | |||
128 | @@ -16,6 +16,7 @@ | |||
129 | 16 | 'JUJU_GUI_DIR', | 16 | 'JUJU_GUI_DIR', |
130 | 17 | 'parse_source', | 17 | 'parse_source', |
131 | 18 | 'render_to_file', | 18 | 'render_to_file', |
132 | 19 | 'save_or_create_certificates', | ||
133 | 19 | 'setup_gui', | 20 | 'setup_gui', |
134 | 20 | 'setup_nginx', | 21 | 'setup_nginx', |
135 | 21 | 'start_agent', | 22 | 'start_agent', |
136 | @@ -27,7 +28,6 @@ | |||
137 | 27 | import json | 28 | import json |
138 | 28 | import os | 29 | import os |
139 | 29 | import logging | 30 | import logging |
140 | 30 | import shutil | ||
141 | 31 | import tempfile | 31 | import tempfile |
142 | 32 | 32 | ||
143 | 33 | from launchpadlib.launchpad import Launchpad | 33 | from launchpadlib.launchpad import Launchpad |
144 | @@ -55,6 +55,7 @@ | |||
145 | 55 | CURRENT_DIR = os.getcwd() | 55 | CURRENT_DIR = os.getcwd() |
146 | 56 | JUJU_DIR = os.path.join(CURRENT_DIR, 'juju') | 56 | JUJU_DIR = os.path.join(CURRENT_DIR, 'juju') |
147 | 57 | JUJU_GUI_DIR = os.path.join(CURRENT_DIR, 'juju-gui') | 57 | JUJU_GUI_DIR = os.path.join(CURRENT_DIR, 'juju-gui') |
148 | 58 | JUJU_GUI_SITE = '/etc/nginx/sites-available/juju-gui' | ||
149 | 58 | 59 | ||
150 | 59 | # Store the configuration from on invocation to the next. | 60 | # Store the configuration from on invocation to the next. |
151 | 60 | config_json = Serializer('/tmp/config.json') | 61 | config_json = Serializer('/tmp/config.json') |
152 | @@ -210,9 +211,9 @@ | |||
153 | 210 | service_control(AGENT, START) | 211 | service_control(AGENT, START) |
154 | 211 | 212 | ||
155 | 212 | 213 | ||
157 | 213 | def start_gui(juju_api_port, console_enabled, staging, | 214 | def start_gui(juju_api_port, console_enabled, staging, ssl_cert_path, |
158 | 214 | config_path='/etc/init/juju-gui.conf', | 215 | config_path='/etc/init/juju-gui.conf', |
160 | 215 | nginx_path='/etc/nginx/sites-available/juju-gui', | 216 | nginx_path=JUJU_GUI_SITE, |
161 | 216 | config_js_path=None): | 217 | config_js_path=None): |
162 | 217 | """Set up and start the Juju GUI server.""" | 218 | """Set up and start the Juju GUI server.""" |
163 | 218 | with su('root'): | 219 | with su('root'): |
164 | @@ -233,7 +234,8 @@ | |||
165 | 233 | render_to_file('config.js.template', context, config_js_path) | 234 | render_to_file('config.js.template', context, config_js_path) |
166 | 234 | log('Generating the nginx site configuration file.') | 235 | log('Generating the nginx site configuration file.') |
167 | 235 | context = { | 236 | context = { |
169 | 236 | 'server_root': build_dir | 237 | 'server_root': build_dir, |
170 | 238 | 'ssl_cert_path': ssl_cert_path.rstrip('/'), | ||
171 | 237 | } | 239 | } |
172 | 238 | render_to_file('nginx.conf.template', context, nginx_path) | 240 | render_to_file('nginx.conf.template', context, nginx_path) |
173 | 239 | log('Starting Juju GUI.') | 241 | log('Starting Juju GUI.') |
174 | @@ -307,25 +309,39 @@ | |||
175 | 307 | cmd_log(run('ln', '-sf', first_path_in_dir(release_dir), JUJU_GUI_DIR)) | 309 | cmd_log(run('ln', '-sf', first_path_in_dir(release_dir), JUJU_GUI_DIR)) |
176 | 308 | 310 | ||
177 | 309 | 311 | ||
179 | 310 | def setup_nginx(ssl_cert_path): | 312 | def setup_nginx(): |
180 | 311 | """Set up nginx.""" | 313 | """Set up nginx.""" |
181 | 312 | log('Setting up nginx.') | 314 | log('Setting up nginx.') |
182 | 313 | nginx_default_site = '/etc/nginx/sites-enabled/default' | 315 | nginx_default_site = '/etc/nginx/sites-enabled/default' |
183 | 314 | juju_gui_site = '/etc/nginx/sites-available/juju-gui' | ||
184 | 315 | if os.path.exists(nginx_default_site): | 316 | if os.path.exists(nginx_default_site): |
185 | 316 | os.remove(nginx_default_site) | 317 | os.remove(nginx_default_site) |
189 | 317 | if not os.path.exists(juju_gui_site): | 318 | if not os.path.exists(JUJU_GUI_SITE): |
190 | 318 | cmd_log(run('touch', juju_gui_site)) | 319 | cmd_log(run('touch', JUJU_GUI_SITE)) |
191 | 319 | cmd_log(run('chown', 'ubuntu:', juju_gui_site)) | 320 | cmd_log(run('chown', 'ubuntu:', JUJU_GUI_SITE)) |
192 | 320 | cmd_log( | 321 | cmd_log( |
194 | 321 | run('ln', '-s', juju_gui_site, | 322 | run('ln', '-s', JUJU_GUI_SITE, |
195 | 322 | '/etc/nginx/sites-enabled/juju-gui')) | 323 | '/etc/nginx/sites-enabled/juju-gui')) |
197 | 323 | # Generate the nginx SSL certificates, if needed. | 324 | |
198 | 325 | |||
199 | 326 | def save_or_create_certificates( | ||
200 | 327 | ssl_cert_path, ssl_cert_contents, ssl_key_contents): | ||
201 | 328 | """Generate the SSL certificates. | ||
202 | 329 | |||
203 | 330 | If both *ssl_cert_contents* and *ssl_key_contents* are provided, use them | ||
204 | 331 | as certificates; otherwise, generate them. | ||
205 | 332 | """ | ||
206 | 324 | pem_path = os.path.join(ssl_cert_path, 'server.pem') | 333 | pem_path = os.path.join(ssl_cert_path, 'server.pem') |
207 | 325 | key_path = os.path.join(ssl_cert_path, 'server.key') | 334 | key_path = os.path.join(ssl_cert_path, 'server.key') |
211 | 326 | if not (os.path.exists(pem_path) and os.path.exists(key_path)): | 335 | if not os.path.exists(ssl_cert_path): |
212 | 327 | if not os.path.exists(ssl_cert_path): | 336 | os.makedirs(ssl_cert_path) |
213 | 328 | os.makedirs(ssl_cert_path) | 337 | if ssl_cert_contents and ssl_key_contents: |
214 | 338 | # Save the provided certificates. | ||
215 | 339 | with open(pem_path, 'w') as cert_file: | ||
216 | 340 | cert_file.write(ssl_cert_contents) | ||
217 | 341 | with open(key_path, 'w') as key_file: | ||
218 | 342 | key_file.write(ssl_key_contents) | ||
219 | 343 | else: | ||
220 | 344 | # Generate certificates. | ||
221 | 329 | # See http://superuser.com/questions/226192/openssl-without-prompt | 345 | # See http://superuser.com/questions/226192/openssl-without-prompt |
222 | 330 | cmd_log(run( | 346 | cmd_log(run( |
223 | 331 | 'openssl', 'req', '-new', '-newkey', 'rsa:4096', | 347 | 'openssl', 'req', '-new', '-newkey', 'rsa:4096', |
224 | 332 | 348 | ||
225 | === modified file 'tests/test_utils.py' | |||
226 | --- tests/test_utils.py 2012-12-20 13:27:30 +0000 | |||
227 | +++ tests/test_utils.py 2012-12-21 17:47:23 +0000 | |||
228 | @@ -16,6 +16,7 @@ | |||
229 | 16 | get_zookeeper_address, | 16 | get_zookeeper_address, |
230 | 17 | parse_source, | 17 | parse_source, |
231 | 18 | render_to_file, | 18 | render_to_file, |
232 | 19 | save_or_create_certificates, | ||
233 | 19 | start_agent, | 20 | start_agent, |
234 | 20 | start_gui, | 21 | start_gui, |
235 | 21 | start_improv, | 22 | start_improv, |
236 | @@ -288,6 +289,29 @@ | |||
237 | 288 | self.assertEqual(expected, self.destination_file.read()) | 289 | self.assertEqual(expected, self.destination_file.read()) |
238 | 289 | 290 | ||
239 | 290 | 291 | ||
240 | 292 | class SaveOrCreateCertificatesTest(unittest.TestCase): | ||
241 | 293 | |||
242 | 294 | def setUp(self): | ||
243 | 295 | base_dir = tempfile.mkdtemp() | ||
244 | 296 | self.addCleanup(shutil.rmtree, base_dir) | ||
245 | 297 | self.cert_path = os.path.join(base_dir, 'certificates') | ||
246 | 298 | self.cert_file = os.path.join(self.cert_path, 'server.pem') | ||
247 | 299 | self.key_file = os.path.join(self.cert_path, 'server.key') | ||
248 | 300 | |||
249 | 301 | def test_generation(self): | ||
250 | 302 | """Ensure certificates are correctly generated.""" | ||
251 | 303 | save_or_create_certificates( | ||
252 | 304 | self.cert_path, 'some ignored contents', None) | ||
253 | 305 | self.assertIn('CERTIFICATE', open(self.cert_file).read()) | ||
254 | 306 | self.assertIn('PRIVATE KEY', open(self.key_file).read()) | ||
255 | 307 | |||
256 | 308 | def test_provided_certificates(self): | ||
257 | 309 | # Ensure files are correctly saved if their contents are provided. | ||
258 | 310 | save_or_create_certificates(self.cert_path, 'mycert', 'mykey') | ||
259 | 311 | self.assertIn('mycert', open(self.cert_file).read()) | ||
260 | 312 | self.assertIn('mykey', open(self.key_file).read()) | ||
261 | 313 | |||
262 | 314 | |||
263 | 291 | class CmdLogTest(unittest.TestCase): | 315 | class CmdLogTest(unittest.TestCase): |
264 | 292 | def setUp(self): | 316 | def setUp(self): |
265 | 293 | # Patch the charmhelpers 'command', which powers get_config. The | 317 | # Patch the charmhelpers 'command', which powers get_config. The |
266 | @@ -382,12 +406,15 @@ | |||
267 | 382 | self.addCleanup(nginx_file.close) | 406 | self.addCleanup(nginx_file.close) |
268 | 383 | config_js_file = tempfile.NamedTemporaryFile() | 407 | config_js_file = tempfile.NamedTemporaryFile() |
269 | 384 | self.addCleanup(config_js_file.close) | 408 | self.addCleanup(config_js_file.close) |
272 | 385 | start_gui(port, False, True, self.destination_file.name, | 409 | start_gui( |
273 | 386 | nginx_file.name, config_js_file.name) | 410 | port, False, True, '/tmp/certificates/', |
274 | 411 | self.destination_file.name, nginx_file.name, config_js_file.name) | ||
275 | 387 | conf = self.destination_file.read() | 412 | conf = self.destination_file.read() |
276 | 388 | self.assertTrue('/usr/sbin/nginx' in conf) | 413 | self.assertTrue('/usr/sbin/nginx' in conf) |
277 | 389 | nginx_conf = nginx_file.read() | 414 | nginx_conf = nginx_file.read() |
278 | 390 | self.assertTrue('juju-gui/build-debug' in nginx_conf) | 415 | self.assertTrue('juju-gui/build-debug' in nginx_conf) |
279 | 416 | self.assertIn('/tmp/certificates/server.pem', nginx_conf) | ||
280 | 417 | self.assertIn('/tmp/certificates/server.key', nginx_conf) | ||
281 | 391 | self.assertEqual(self.svc_ctl_call_count, 1) | 418 | self.assertEqual(self.svc_ctl_call_count, 1) |
282 | 392 | self.assertEqual(self.service_names, ['juju-gui']) | 419 | self.assertEqual(self.service_names, ['juju-gui']) |
283 | 393 | self.assertEqual(self.actions, [charmhelpers.START]) | 420 | self.assertEqual(self.actions, [charmhelpers.START]) |
Reviewers: mp+141105_ code.launchpad. net,
Message:
Please take a look.
Description:
Allow using an own SSL cert and private key.
Added two new config options, one for the certificate, one
for the private key. If they are both provided, they are used
by nginx, otherwise, a new certificate is automatically
generated.
Fixed a pre-existent bug: even if you can specify the
directory where to store the certificates, this path
was not used by nginx, because an hardcoded one was
present in the configuration file.
Improved how ssl options are handled in config-changes.
If the SSL path is changed using 'juju set', now that
change is reflected in the nginx config file, and the
service correctly restarted.
Added tests for the process of saving or generating SSL
certificates.
Some code clean up.
Please note that all the SSL stuff is still
disabled/commented.
https:/ /code.launchpad .net/~frankban/ charms/ precise/ juju-gui/ bug-1092515- certificates/ +merge/ 141105
(do not edit description out of merge proposal)
Please review this at https:/ /codereview. appspot. com/6976046/
Affected files: nginx.conf. template config- changed test_utils. py
[revision details]
config.yaml
config/
hooks/
hooks/install
hooks/start
hooks/utils.py
tests/