# Copyright 2014-2015 Canonical Limited.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright 2012 Canonical Ltd.
# This file is sourced from lp:openstack-charm-helpers
# James Page <james.page@ubuntu.com>
# Adam Gandelman <adamg@ubuntu.com>
from charmhelpers.core.hookenv import (
related_units as relation_list,
38
# Look up the TLS certificate and key for this service.
#
# Charm config ('ssl_cert' / 'ssl_key') is consulted first. When either of the
# two is unset, the units on the 'identity-service' relation are queried
# instead, using 'ssl_cert_<cn>' / 'ssl_key_<cn>' or the plain 'ssl_cert' /
# 'ssl_key' attribute names.
#
# NOTE(review): this listing is partial. The numbering skips 44-46, 49, 54,
# 56-57 and everything after 58, so the branch that picks the attribute
# names, the guards around the relation lookups and the return statement are
# not visible here.
# NOTE(review): 'ssl_key' is presumably the private key for the certificate;
# keep it out of log() calls and restrict permissions on any file it is
# written to. Confirm against callers.
def get_cert(cn=None):
39
# TODO: deal with multiple https endpoints via charm config
40
cert = config_get('ssl_cert')
41
key = config_get('ssl_key')
42
# Fall back to relation data unless BOTH values came from config.
if not (cert and key):
43
log("Inspecting identity-service relations for SSL certificate.",
47
# Per-CN attribute names; presumably selected when cn is given (the
# condition itself is not shown).
ssl_cert_attr = 'ssl_cert_{}'.format(cn)
48
ssl_key_attr = 'ssl_key_{}'.format(cn)
50
# Generic attribute names; presumably the no-cn case.
ssl_cert_attr = 'ssl_cert'
51
ssl_key_attr = 'ssl_key'
52
# Walk every unit on every identity-service relation.
for r_id in relation_ids('identity-service'):
53
for unit in relation_list(r_id):
55
# NOTE(review): the guards around these two lookups are not shown. If the
# certificate and the key can end up coming from different units, the
# caller should verify that the key matches the certificate.
cert = relation_get(ssl_cert_attr,
58
key = relation_get(ssl_key_attr,
64
# CA certificate lookup: charm config 'ssl_ca' first, then the 'ca_cert'
# attribute of units on the 'identity-service' relation.
#
# NOTE(review): the numbering jumps from 58 to 64 just above, so these
# statements may belong to a separate function whose def line is not shown.
# Lines 65, 67, 70 and 72-75 are also missing, so the condition that triggers
# the relation lookup and the value finally returned cannot be seen here.
# NOTE(review): a value read from relation data is supplied by the unit on the
# other side of the relation; treating it as a CA is a trust decision about
# that unit. Confirm the intended trust model.
ca_cert = config_get('ssl_ca')
66
log("Inspecting identity-service relations for CA SSL certificate.",
68
# Walk every unit on every identity-service relation.
for r_id in relation_ids('identity-service'):
69
for unit in relation_list(r_id):
71
ca_cert = relation_get('ca_cert',
76
# Read a CA certificate file from disk if it exists.
#
# Only the existence check and the open-for-read are visible. Lines 77 and
# 80-83 are not shown; presumably they read the file and return its contents,
# with some fallback value when the file is absent. Confirm.
def retrieve_ca_cert(cert_file):
78
# isfile() is false for directories and for missing paths.
if os.path.isfile(cert_file):
79
# Text mode: the certificate is handled as a str.
with open(cert_file, 'r') as crt:
84
# Install ca_cert as a CA certificate in the system trust store.
#
# The target file is
# /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt and the store is
# rebuilt with `update-ca-certificates --fresh`, so whatever is passed in
# becomes a trust anchor for TLS clients that use the system bundle on this
# machine.
#
# NOTE(review): nothing in the visible lines checks that ca_cert is a
# well-formed certificate or where it came from. Callers should only pass
# material from a source they are prepared to trust as a CA. Confirm.
# NOTE(review): partial listing. Lines 85, 91 and 94 are not shown, so the
# branch structure and the write itself cannot be seen here, nor whether the
# store is rebuilt when the certificate is unchanged.
def install_ca_cert(ca_cert):
86
cert_file = ('/usr/local/share/ca-certificates/'
87
'keystone_juju_ca_cert.crt')
88
# Contents of the currently installed file, as returned by retrieve_ca_cert.
old_cert = retrieve_ca_cert(cert_file)
89
# Detect the case where the installed file already holds this certificate.
if old_cert and old_cert == ca_cert:
90
log("CA cert is the same as installed version", level=INFO)
92
log("Installing new CA cert", level=INFO)
93
# Mode 'w' truncates any previous certificate file.
with open(cert_file, 'w') as crt:
95
# argv list, no shell; check_call raises CalledProcessError on a non-zero
# exit status.
subprocess.check_call(['update-ca-certificates', '--fresh'])