From d23a77105bcb53cf797b2f11db1194ee9e4e1e85 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Fri, 16 Mar 2018 18:01:00 -0500
Subject: [PATCH] Polish TLS patch set

This patch set applies non-critical polish fixes to [0].

[0] https://review.openstack.org/#/c/552171/

Change-Id: I5bbb64d5af65782665fd659886e55e25bac61452
Signed-off-by: Tin Lam <tin@irrational.io>
---
 keystone/templates/deployment-api.yaml  | 4 ++--
 keystone/templates/secret-ldap-tls.yaml | 4 ++--
 keystone/values.yaml                    | 5 ++---
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index c267795312..2828d39aa2 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -108,8 +108,8 @@ spec:
             readOnly: true
 {{- if .Values.endpoints.ldap.auth.client.tls.ca }}
           - name: keystone-ldap-tls
-            mountPath: /etc/certs/ldap-certs.cert
-            subPath: ldap-certs.cert
+            mountPath: /etc/keystone/ldap/tls.ca
+            subPath: tls.ca
             readOnly: true
 {{- end }}
 {{- if eq .Values.conf.keystone.token.provider "fernet" }}
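Review bot: The CA file is mounted through `subPath`, and Kubernetes does not refresh subPath mounts when the backing Secret is updated, so a rotated LDAP CA will not reach running keystone-api pods. If no checksum annotation on the pod template already triggers a rollout (the annotations are outside this hunk), consider adding one for the LDAP TLS secret. At minimum, add a comment above the mount such as `# subPath mounts are not refreshed on Secret update; roll the deployment after rotating the LDAP CA`. The volumeMounts list starts and continues outside the hunk.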
diff --git a/keystone/templates/secret-ldap-tls.yaml b/keystone/templates/secret-ldap-tls.yaml
index 9b83bec422..1197c37d3b 100644
--- a/keystone/templates/secret-ldap-tls.yaml
+++ b/keystone/templates/secret-ldap-tls.yaml
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if and .Values.manifests.secret_ldap_tls .Values.endpoints.ldap.auth.client.tls.ca }}
+{{- if .Values.endpoints.ldap.auth.client.tls.ca }}
 ---
 apiVersion: v1
 kind: Secret
@@ -22,5 +22,5 @@ metadata:
   name: {{ .Values.secrets.ldap.tls }}
 type: Opaque
 data:
-  ldap-certs.cert: {{ .Values.endpoints.ldap.auth.client.tls.ca | default "" | b64enc }}
+  tls.ca: {{ .Values.endpoints.ldap.auth.client.tls.ca | default "" | b64enc }}
 {{- end }}
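Review bot: The `default ""` on the `tls.ca` line is dead code, because the enclosing `if .Values.endpoints.ldap.auth.client.tls.ca` guard only renders this Secret when the value is non-empty. The line can be reduced to `tls.ca: {{ .Values.endpoints.ldap.auth.client.tls.ca | b64enc }}`, which also makes it clear that an empty CA is never written into the Secret.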
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 62cb25765f..ca46b8c0e2 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -840,13 +840,13 @@ endpoints:
       client:
         tls:
           # NOTE(lamt): Specify a CA value here will place a LDAPS certificate at
-          # /etc/certs/ldap-certs.cert.  To ensure keystone uses LDAPS, the
+          # /etc/certs/tls.ca.  To ensure keystone uses LDAPS, the
           # following key will need to be overrided under section [ldap] or the
           # correct domain-specific setting, else it will not be enabled:
           #
           #   use_tls: true
           #   tls_req_cert: allow # Valid values: demand, never, allow
-          #   tls_cacertfile: /etc/certs/ldap-certs.cert # abs path to the CA cert
+          #   tls_cacertfile: /etc/certs/tls.ca # abs path to the CA cert
           ca: null
 
 manifests:
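Review bot: The updated comment points operators at `/etc/certs/tls.ca`, but deployment-api.yaml in this same patch mounts the CA at `/etc/keystone/ldap/tls.ca`, so anyone copying the example sets `tls_cacertfile` to a file that does not exist in the container. Both path lines should name the real mount, e.g. `#   tls_cacertfile: /etc/keystone/ldap/tls.ca # abs path to the CA cert`. Separately, the example `tls_req_cert: allow` lets the session continue when the server certificate is missing or fails verification, so the mounted CA is not actually enforced. Showing `#   tls_req_cert: demand # Valid values: demand, never, allow` would be the safer example.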
@@ -871,6 +871,5 @@ manifests:
   secret_fernet_keys: true
   secret_keystone: true
   secret_rabbitmq: true
-  secret_ldap_tls: false
   service_ingress_api: true
   service_api: true