diff options
-rwxr-xr-x | functest/ci/check_os.sh | 29 | ||||
-rw-r--r-- | functest/tests/unit/utils/test_openstack_utils.py | 8 | ||||
-rwxr-xr-x | functest/utils/openstack_utils.py | 17 |
3 files changed, 43 insertions, 11 deletions
diff --git a/functest/ci/check_os.sh b/functest/ci/check_os.sh index 2c5c021c..3920b7ac 100755 --- a/functest/ci/check_os.sh +++ b/functest/ci/check_os.sh @@ -26,6 +26,11 @@ verify_connectivity() { return 1 } +verify_SSL_connectivity() { + openssl s_client -connect $1:$2 &>/dev/null + return $? +} + check_service() { local service cmd service=$1 @@ -63,10 +68,16 @@ fi echo "Checking OpenStack endpoints:" publicURL=$(openstack catalog show identity |awk '/public/ {print $4}') -publicIP=$(echo $publicURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//') +publicIP=$(echo $publicURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//') publicPort=$(echo $publicURL|sed 's/^.*://'|sed 's/\/.*$//') -echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..." -verify_connectivity $publicIP $publicPort +https_enabled=$(echo $publicURL | grep 'https') +if [[ -n $https_enabled ]]; then + echo ">>Verifying SSL connectivity to the public endpoint $publicIP:$publicPort..." + verify_SSL_connectivity $publicIP $publicPort +else + echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..." + verify_connectivity $publicIP $publicPort +fi RETVAL=$? if [ $RETVAL -ne 0 ]; then echo "ERROR: Cannot talk to the public endpoint $publicIP:$publicPort ." @@ -81,10 +92,16 @@ if [ -z ${adminURL} ]; then openstack catalog show identity exit 1 fi -adminIP=$(echo $adminURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//') +adminIP=$(echo $adminURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//') adminPort=$(echo $adminURL|sed 's/^.*://'|sed 's/.[^\/]*$//') -echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..." -verify_connectivity $adminIP $adminPort +https_enabled=$(echo $adminURL | grep 'https') +if [[ -n $https_enabled ]]; then + echo ">>Verifying SSL connectivity to the admin endpoint $adminIP:$adminPort..." + verify_SSL_connectivity $adminIP $adminPort +else + echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..." + verify_connectivity $adminIP $adminPort +fi RETVAL=$? if [ $RETVAL -ne 0 ]; then echo "ERROR: Cannot talk to the admin endpoint $adminIP:$adminPort ." diff --git a/functest/tests/unit/utils/test_openstack_utils.py b/functest/tests/unit/utils/test_openstack_utils.py index ef3764cc..f51a4991 100644 --- a/functest/tests/unit/utils/test_openstack_utils.py +++ b/functest/tests/unit/utils/test_openstack_utils.py @@ -28,7 +28,8 @@ class OSUtilsTesting(unittest.TestCase): 'OS_PROJECT_DOMAIN_NAME': os_prefix + 'project_domain_name', 'OS_PROJECT_NAME': os_prefix + 'project_name', 'OS_ENDPOINT_TYPE': os_prefix + 'endpoint_type', - 'OS_REGION_NAME': os_prefix + 'region_name'} + 'OS_REGION_NAME': os_prefix + 'region_name', + 'OS_CACERT': os_prefix + 'https_cacert'} def _get_os_env_vars(self): return {'username': 'test_username', 'password': 'test_password', @@ -37,7 +38,8 @@ class OSUtilsTesting(unittest.TestCase): 'project_domain_name': 'test_project_domain_name', 'project_name': 'test_project_name', 'endpoint_type': 'test_endpoint_type', - 'region_name': 'test_region_name'} + 'region_name': 'test_region_name', + 'https_cacert': 'test_https_cacert'} def setUp(self): self.env_vars = ['OS_AUTH_URL', 'OS_USERNAME', 'OS_PASSWORD'] @@ -299,7 +301,7 @@ class OSUtilsTesting(unittest.TestCase): 'OS_PROJECT_DOMAIN_NAME']) self.assertEqual(openstack_utils.get_rc_env_vars(), exp_resp) - @mock.patch('functest.utils.openstack_utils.get_rc_env_vars') + @mock.patch('functest.utils.openstack_utils') def test_check_credentials_missing_env(self, mock_get_rc_env): exp_resp = self.env_vars exp_resp.extend(['OS_TENANT_NAME']) diff --git a/functest/utils/openstack_utils.py b/functest/utils/openstack_utils.py index e33af63b..ffc870f6 100755 --- a/functest/utils/openstack_utils.py +++ b/functest/utils/openstack_utils.py @@ -82,7 +82,8 @@ def get_env_cred_dict(): 'OS_PROJECT_DOMAIN_NAME': 'project_domain_name', 'OS_PROJECT_NAME': 'project_name', 'OS_ENDPOINT_TYPE': 'endpoint_type', - 'OS_REGION_NAME': 'region_name' + 'OS_REGION_NAME': 'region_name', + 'OS_CACERT': 'https_cacert' } return env_cred_dict @@ -149,6 +150,11 @@ def get_credentials_for_rally(): if region_name is not None: cred_key = env_cred_dict.get('OS_REGION_NAME') rally_conf[cred_key] = region_name + + cacert = os.getenv('OS_CACERT') + if cacert is not None: + cred_key = env_cred_dict.get('OS_CACERT') + rally_conf[cred_key] = cacert return rally_conf @@ -168,7 +174,14 @@ def get_endpoint(service_type, endpoint_type='publicURL'): def get_session(other_creds={}): auth = get_session_auth(other_creds) - return session.Session(auth=auth) + cacert = os.getenv('OS_CACERT') + if cacert is not None: + if not os.path.isfile(cacert): + raise Exception("The 'OS_CACERT' environment" + "variable is set to %s but the file" + "does not exist.", cacert) + + return session.Session(auth=auth, verify=cacert) # ********************************************* |