Polish TLS patch set

This patch set performs non-critical polish fix to [0]. [0] https://review.openstack.org/#/c/552171/ Change-Id: I5bbb64d5af65782665fd659886e55e25bac61452 Signed-off-by: Tin Lam <tin@irrational.io>
2018-03-16 18:01:00 -05:00 · 2018-03-16 18:01:00 -05:00 · d23a77105b
commit d23a77105b
parent ac2b8a090b
3 changed files with 6 additions and 7 deletions
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@ -108,8 +108,8 @@ spec:
            readOnly: true
 {{- if .Values.endpoints.ldap.auth.client.tls.ca }}
          - name: keystone-ldap-tls
-            mountPath: /etc/certs/ldap-certs.cert
-            subPath: ldap-certs.cert
+            mountPath: /etc/keystone/ldap/tls.ca
+            subPath: tls.ca
            readOnly: true
 {{- end }}
 {{- if eq .Values.conf.keystone.token.provider "fernet" }}
--- a/keystone/templates/secret-ldap-tls.yaml
+++ b/keystone/templates/secret-ldap-tls.yaml
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

-{{- if and .Values.manifests.secret_ldap_tls .Values.endpoints.ldap.auth.client.tls.ca }}
+{{- if .Values.endpoints.ldap.auth.client.tls.ca }}
 ---
 apiVersion: v1
 kind: Secret
@ -22,5 +22,5 @@ metadata:
  name: {{ .Values.secrets.ldap.tls }}
 type: Opaque
 data:
-  ldap-certs.cert: {{ .Values.endpoints.ldap.auth.client.tls.ca | default "" | b64enc }}
+  tls.ca: {{ .Values.endpoints.ldap.auth.client.tls.ca | default "" | b64enc }}
 {{- end }}
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -840,13 +840,13 @@ endpoints:
      client:
        tls:
          # NOTE(lamt): Specify a CA value here will place a LDAPS certificate at
-          # /etc/certs/ldap-certs.cert.  To ensure keystone uses LDAPS, the
+          # /etc/certs/tls.ca.  To ensure keystone uses LDAPS, the
          # following key will need to be overrided under section [ldap] or the
          # correct domain-specific setting, else it will not be enabled:
          #
          #   use_tls: true
          #   tls_req_cert: allow # Valid values: demand, never, allow
-          #   tls_cacertfile: /etc/certs/ldap-certs.cert # abs path to the CA cert
+          #   tls_cacertfile: /etc/certs/tls.ca # abs path to the CA cert
          ca: null

 manifests:
@ -871,6 +871,5 @@ manifests:
  secret_fernet_keys: true
  secret_keystone: true
  secret_rabbitmq: true
-  secret_ldap_tls: false
  service_ingress_api: true
  service_api: true