aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xfunctest/ci/check_os.sh29
-rw-r--r--functest/tests/unit/utils/test_openstack_utils.py8
-rwxr-xr-xfunctest/utils/openstack_utils.py17
3 files changed, 43 insertions, 11 deletions
diff --git a/functest/ci/check_os.sh b/functest/ci/check_os.sh
index 2c5c021c..3920b7ac 100755
--- a/functest/ci/check_os.sh
+++ b/functest/ci/check_os.sh
@@ -26,6 +26,11 @@ verify_connectivity() {
return 1
}
+verify_SSL_connectivity() {
+ openssl s_client -connect $1:$2 &>/dev/null
+ return $?
+}
+
check_service() {
local service cmd
service=$1
@@ -63,10 +68,16 @@ fi
echo "Checking OpenStack endpoints:"
publicURL=$(openstack catalog show identity |awk '/public/ {print $4}')
-publicIP=$(echo $publicURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//')
+publicIP=$(echo $publicURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//')
publicPort=$(echo $publicURL|sed 's/^.*://'|sed 's/\/.*$//')
-echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..."
-verify_connectivity $publicIP $publicPort
+https_enabled=$(echo $publicURL | grep 'https')
+if [[ -n $https_enabled ]]; then
+ echo ">>Verifying SSL connectivity to the public endpoint $publicIP:$publicPort..."
+ verify_SSL_connectivity $publicIP $publicPort
+else
+ echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..."
+ verify_connectivity $publicIP $publicPort
+fi
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "ERROR: Cannot talk to the public endpoint $publicIP:$publicPort ."
@@ -81,10 +92,16 @@ if [ -z ${adminURL} ]; then
openstack catalog show identity
exit 1
fi
-adminIP=$(echo $adminURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//')
+adminIP=$(echo $adminURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//')
adminPort=$(echo $adminURL|sed 's/^.*://'|sed 's/.[^\/]*$//')
-echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..."
-verify_connectivity $adminIP $adminPort
+https_enabled=$(echo $adminURL | grep 'https')
+if [[ -n $https_enabled ]]; then
+ echo ">>Verifying SSL connectivity to the admin endpoint $adminIP:$adminPort..."
+ verify_SSL_connectivity $adminIP $adminPort
+else
+ echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..."
+ verify_connectivity $adminIP $adminPort
+fi
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
echo "ERROR: Cannot talk to the admin endpoint $adminIP:$adminPort ."
diff --git a/functest/tests/unit/utils/test_openstack_utils.py b/functest/tests/unit/utils/test_openstack_utils.py
index ef3764cc..f51a4991 100644
--- a/functest/tests/unit/utils/test_openstack_utils.py
+++ b/functest/tests/unit/utils/test_openstack_utils.py
@@ -28,7 +28,8 @@ class OSUtilsTesting(unittest.TestCase):
'OS_PROJECT_DOMAIN_NAME': os_prefix + 'project_domain_name',
'OS_PROJECT_NAME': os_prefix + 'project_name',
'OS_ENDPOINT_TYPE': os_prefix + 'endpoint_type',
- 'OS_REGION_NAME': os_prefix + 'region_name'}
+ 'OS_REGION_NAME': os_prefix + 'region_name',
+ 'OS_CACERT': os_prefix + 'https_cacert'}
def _get_os_env_vars(self):
return {'username': 'test_username', 'password': 'test_password',
@@ -37,7 +38,8 @@ class OSUtilsTesting(unittest.TestCase):
'project_domain_name': 'test_project_domain_name',
'project_name': 'test_project_name',
'endpoint_type': 'test_endpoint_type',
- 'region_name': 'test_region_name'}
+ 'region_name': 'test_region_name',
+ 'https_cacert': 'test_https_cacert'}
def setUp(self):
self.env_vars = ['OS_AUTH_URL', 'OS_USERNAME', 'OS_PASSWORD']
@@ -299,7 +301,7 @@ class OSUtilsTesting(unittest.TestCase):
'OS_PROJECT_DOMAIN_NAME'])
self.assertEqual(openstack_utils.get_rc_env_vars(), exp_resp)
- @mock.patch('functest.utils.openstack_utils.get_rc_env_vars')
+ @mock.patch('functest.utils.openstack_utils')
def test_check_credentials_missing_env(self, mock_get_rc_env):
exp_resp = self.env_vars
exp_resp.extend(['OS_TENANT_NAME'])
diff --git a/functest/utils/openstack_utils.py b/functest/utils/openstack_utils.py
index e33af63b..ffc870f6 100755
--- a/functest/utils/openstack_utils.py
+++ b/functest/utils/openstack_utils.py
@@ -82,7 +82,8 @@ def get_env_cred_dict():
'OS_PROJECT_DOMAIN_NAME': 'project_domain_name',
'OS_PROJECT_NAME': 'project_name',
'OS_ENDPOINT_TYPE': 'endpoint_type',
- 'OS_REGION_NAME': 'region_name'
+ 'OS_REGION_NAME': 'region_name',
+ 'OS_CACERT': 'https_cacert'
}
return env_cred_dict
@@ -149,6 +150,11 @@ def get_credentials_for_rally():
if region_name is not None:
cred_key = env_cred_dict.get('OS_REGION_NAME')
rally_conf[cred_key] = region_name
+
+ cacert = os.getenv('OS_CACERT')
+ if cacert is not None:
+ cred_key = env_cred_dict.get('OS_CACERT')
+ rally_conf[cred_key] = cacert
return rally_conf
@@ -168,7 +174,14 @@ def get_endpoint(service_type, endpoint_type='publicURL'):
def get_session(other_creds={}):
auth = get_session_auth(other_creds)
- return session.Session(auth=auth)
+ cacert = os.getenv('OS_CACERT')
+ if cacert is not None:
+ if not os.path.isfile(cacert):
+ raise Exception("The 'OS_CACERT' environment"
+ "variable is set to %s but the file"
+ "does not exist.", cacert)
+
+ return session.Session(auth=auth, verify=cacert)
# *********************************************