From 51a7666d0d50d0ed13c556d97aded50a3e7f30de Mon Sep 17 00:00:00 2001
From: xudan <xudan16@huawei.com>
Date: Mon, 12 Feb 2018 02:17:28 -0500
Subject: Add a function to check the cacert file

1. Currently it won't pass the cacert file to other containers if the
   OS_AUTH_URL is http not https.
2. However, even though the OS_AUTH_URL is http, it still needs cacert file
   somewhere for Functest and Rally.
3. This problem is found on Fuel Euphrates.
4. Add a function to check whether the cacert file exists.
5. If exists, pass it to testing project containers.

JIRA: DOVETAIL-616

Change-Id: Ied7bcc72e8f1c738bbce32c18096ca13641d3cd7
Signed-off-by: xudan <xudan16@huawei.com>
---
 dovetail/container.py | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

(limited to 'dovetail/container.py')

diff --git a/dovetail/container.py b/dovetail/container.py
index 69dd5e9a..ca37d810 100644
--- a/dovetail/container.py
+++ b/dovetail/container.py
@@ -194,24 +194,20 @@ class Container(object):
 
         cacert_volume = ""
         https_enabled = dt_utils.check_https_enabled(cls.logger)
-        cacert = os.getenv('OS_CACERT',)
-        if https_enabled:
-            cls.logger.info("https enabled...")
-            if cacert is not None:
-                if not os.path.isfile(cacert):
-                    cls.logger.error("Env variable 'OS_CACERT' is set to {} "
-                                     "but the file does not exist."
-                                     .format(cacert))
-                    return None
-                elif not dovetail_config['config_dir'] in cacert:
-                    cls.logger.error("Credential file has to be put in {}, "
-                                     "which can be mount into container."
-                                     .format(dovetail_config['config_dir']))
-                    return None
+        cacert = os.getenv('OS_CACERT')
+        insecure = os.getenv('OS_INSECURE')
+        if cacert is not None:
+            if dt_utils.check_cacert_file(cacert, cls.logger):
                 cacert_volume = ' -v %s:%s ' % (cacert, cacert)
             else:
-                cls.logger.warn("https enabled, OS_CACERT not set, insecure "
-                                "connection used or OS_CACERT missed")
+                return None
+        elif https_enabled:
+            if insecure and insecure.lower() == 'true':
+                cls.logger.debug("Use the insecure mode...")
+            else:
+                cls.logger.error("https enabled, please set OS_CACERT or "
+                                 "insecure mode...")
+                return None
 
         result_volume = ' -v %s:%s ' % (dovetail_config['result_dir'],
                                         dovetail_config[type]['result']['dir'])
@@ -292,7 +288,7 @@ class Container(object):
             return None
         if cls.has_pull_latest_image[validate_type] is True:
             cls.logger.debug(
-                '{} is already the newest version.'.format(docker_image))
+                '{} is already the latest one.'.format(docker_image))
             return docker_image
         old_image_id = cls.get_image_id(docker_image)
         if not cls.pull_image_only(docker_image):
-- 
cgit 1.2.3-korg