From c9f44a7ceccea85693bb0afed6e721ca953fb04a Mon Sep 17 00:00:00 2001
From: Liam Young <liam.young@canonical.com>
Date: Fri, 10 May 2019 12:48:01 +0000
Subject: [PATCH] Check Apache ssl dir when determining restart map

If the certificates that Apache is using change then services needs
to be restarted. This change adds the SSL directory to the restart
map to ensure any certificate changes trigger a restart.

Change-Id: Idbdceb5acd80c06a2bde02f9df88a9d9fd2404fb
Closes-Bug: 1828530
---
 hooks/glance_utils.py           | 11 +++++++++--
 unit_tests/test_glance_utils.py | 25 +++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/hooks/glance_utils.py b/hooks/glance_utils.py
index 28a83b30..1f02898b 100644
--- a/hooks/glance_utils.py
+++ b/hooks/glance_utils.py
@@ -124,6 +124,8 @@ HAPROXY_CONF = "/etc/haproxy/haproxy.cfg"
 HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
 HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
     "openstack_https_frontend.conf"
+APACHE_SSL_DIR = '/etc/apache2/ssl/glance'
+
 MEMCACHED_CONF = '/etc/memcached.conf'
 
 TEMPLATES = 'templates/'
@@ -366,9 +368,14 @@ def restart_map():
         _map.append((MEMCACHED_CONF, ['memcached']))
 
     if cmp_release >= 'stein':
-        _map.append((GLANCE_POLICY_FILE, ['glance-api']))
+        glance_svcs = ['glance-api']
     else:
-        _map.append((GLANCE_POLICY_FILE, ['glance-api', 'glance-registry']))
+        glance_svcs = ['glance-api', 'glance-registry']
+
+    _map.append((GLANCE_POLICY_FILE, glance_svcs))
+
+    if os.path.isdir(APACHE_SSL_DIR):
+        _map.append(('{}/*'.format(APACHE_SSL_DIR), glance_svcs + ['apache2']))
 
     return OrderedDict(_map)
 
diff --git a/unit_tests/test_glance_utils.py b/unit_tests/test_glance_utils.py
index 557781aa..4ce683f8 100644
--- a/unit_tests/test_glance_utils.py
+++ b/unit_tests/test_glance_utils.py
@@ -183,6 +183,31 @@ class TestGlanceUtils(CharmTestCase):
         del ex_map[utils.MEMCACHED_CONF]
         self.assertEqual(ex_map, utils.restart_map())
 
+    @patch.object(utils.os.path, 'isdir')
+    def test_restart_map_stein_ssl(self, isdir):
+        isdir.return_value = True
+        self.enable_memcache.return_value = True
+        self.config.side_effect = None
+        self.service_name.return_value = 'glance'
+        self.os_release.return_value = 'stein'
+
+        ex_map = OrderedDict([
+            (utils.GLANCE_API_CONF, ['glance-api']),
+            (utils.GLANCE_SWIFT_CONF, ['glance-api']),
+            (utils.ceph_config_file(), ['glance-api']),
+            (utils.HAPROXY_CONF, ['haproxy']),
+            (utils.HTTPS_APACHE_CONF, ['apache2']),
+            (utils.HTTPS_APACHE_24_CONF, ['apache2']),
+            (utils.MEMCACHED_CONF, ['memcached']),
+            (utils.GLANCE_POLICY_FILE, ['glance-api']),
+            ('{}/*'.format(utils.APACHE_SSL_DIR),
+             ['glance-api', 'apache2']),
+        ])
+        self.assertEqual(ex_map, utils.restart_map())
+        self.enable_memcache.return_value = False
+        del ex_map[utils.MEMCACHED_CONF]
+        self.assertEqual(ex_map, utils.restart_map())
+
     @patch.object(utils, 'token_cache_pkgs')
     def test_determine_packages(self, token_cache_pkgs):
         self.config.side_effect = None