From 809c47d502e5a687e122685cb512ff686189da2f Mon Sep 17 00:00:00 2001
From: helenyao <yaohelan@huawei.com>
Date: Fri, 10 Mar 2017 20:23:42 +0800
Subject: Support running on openstack which enabled https

JIRA: FUNCTEST-757

Change-Id: Ic87bee3020b9714bcd83105127440a9c1a7ff2ad
Signed-off-by: helenyao <yaohelan@huawei.com>
(cherry picked from commit 4a989722feca53e1baa6f64985841bd6a244d627)
---
 functest/ci/check_os.sh                           | 29 ++++++++++++++++++-----
 functest/tests/unit/utils/test_openstack_utils.py |  6 +++--
 functest/utils/openstack_utils.py                 | 17 +++++++++++--
 3 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/functest/ci/check_os.sh b/functest/ci/check_os.sh
index 2c5c021c7..3920b7ac6 100755
--- a/functest/ci/check_os.sh
+++ b/functest/ci/check_os.sh
@@ -26,6 +26,11 @@ verify_connectivity() {
     return 1
 }
 
+verify_SSL_connectivity() {
+    openssl s_client -connect $1:$2 &>/dev/null
+    return $?
+}
+
 check_service() {
     local service cmd
     service=$1
@@ -63,10 +68,16 @@ fi
 
 echo "Checking OpenStack endpoints:"
 publicURL=$(openstack catalog show  identity |awk '/public/ {print $4}')
-publicIP=$(echo $publicURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//')
+publicIP=$(echo $publicURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//')
 publicPort=$(echo $publicURL|sed 's/^.*://'|sed 's/\/.*$//')
-echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..."
-verify_connectivity $publicIP $publicPort
+https_enabled=$(echo $publicURL | grep 'https')
+if [[ -n $https_enabled ]]; then
+    echo ">>Verifying SSL connectivity to the public endpoint $publicIP:$publicPort..."
+    verify_SSL_connectivity $publicIP $publicPort
+else
+    echo ">>Verifying connectivity to the public endpoint $publicIP:$publicPort..."
+    verify_connectivity $publicIP $publicPort
+fi
 RETVAL=$?
 if [ $RETVAL -ne 0 ]; then
     echo "ERROR: Cannot talk to the public endpoint $publicIP:$publicPort ."
@@ -81,10 +92,16 @@ if [ -z ${adminURL} ]; then
     openstack catalog show identity
     exit 1
 fi
-adminIP=$(echo $adminURL|sed 's/^.*http\:\/\///'|sed 's/.[^:]*$//')
+adminIP=$(echo $adminURL|sed 's/^.*http.*\:\/\///'|sed 's/.[^:]*$//')
 adminPort=$(echo $adminURL|sed 's/^.*://'|sed 's/.[^\/]*$//')
-echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..."
-verify_connectivity $adminIP $adminPort
+https_enabled=$(echo $adminURL | grep 'https')
+if [[ -n $https_enabled ]]; then
+    echo ">>Verifying SSL connectivity to the admin endpoint $adminIP:$adminPort..."
+    verify_SSL_connectivity $adminIP $adminPort
+else
+    echo ">>Verifying connectivity to the admin endpoint $adminIP:$adminPort..."
+    verify_connectivity $adminIP $adminPort
+fi
 RETVAL=$?
 if [ $RETVAL -ne 0 ]; then
     echo "ERROR: Cannot talk to the admin endpoint $adminIP:$adminPort ."
diff --git a/functest/tests/unit/utils/test_openstack_utils.py b/functest/tests/unit/utils/test_openstack_utils.py
index ef3764cc5..673ad5e20 100644
--- a/functest/tests/unit/utils/test_openstack_utils.py
+++ b/functest/tests/unit/utils/test_openstack_utils.py
@@ -28,7 +28,8 @@ class OSUtilsTesting(unittest.TestCase):
                 'OS_PROJECT_DOMAIN_NAME': os_prefix + 'project_domain_name',
                 'OS_PROJECT_NAME': os_prefix + 'project_name',
                 'OS_ENDPOINT_TYPE': os_prefix + 'endpoint_type',
-                'OS_REGION_NAME': os_prefix + 'region_name'}
+                'OS_REGION_NAME': os_prefix + 'region_name',
+                'OS_CACERT': os_prefix + 'https_cacert'}
 
     def _get_os_env_vars(self):
         return {'username': 'test_username', 'password': 'test_password',
@@ -37,7 +38,8 @@ class OSUtilsTesting(unittest.TestCase):
                 'project_domain_name': 'test_project_domain_name',
                 'project_name': 'test_project_name',
                 'endpoint_type': 'test_endpoint_type',
-                'region_name': 'test_region_name'}
+                'region_name': 'test_region_name',
+                'https_cacert': 'test_https_cacert'}
 
     def setUp(self):
         self.env_vars = ['OS_AUTH_URL', 'OS_USERNAME', 'OS_PASSWORD']
diff --git a/functest/utils/openstack_utils.py b/functest/utils/openstack_utils.py
index e33af63b4..ffc870f62 100755
--- a/functest/utils/openstack_utils.py
+++ b/functest/utils/openstack_utils.py
@@ -82,7 +82,8 @@ def get_env_cred_dict():
         'OS_PROJECT_DOMAIN_NAME': 'project_domain_name',
         'OS_PROJECT_NAME': 'project_name',
         'OS_ENDPOINT_TYPE': 'endpoint_type',
-        'OS_REGION_NAME': 'region_name'
+        'OS_REGION_NAME': 'region_name',
+        'OS_CACERT': 'https_cacert'
     }
     return env_cred_dict
 
@@ -149,6 +150,11 @@ def get_credentials_for_rally():
     if region_name is not None:
         cred_key = env_cred_dict.get('OS_REGION_NAME')
         rally_conf[cred_key] = region_name
+
+    cacert = os.getenv('OS_CACERT')
+    if cacert is not None:
+        cred_key = env_cred_dict.get('OS_CACERT')
+        rally_conf[cred_key] = cacert
     return rally_conf
 
 
@@ -168,7 +174,14 @@ def get_endpoint(service_type, endpoint_type='publicURL'):
 
 def get_session(other_creds={}):
     auth = get_session_auth(other_creds)
-    return session.Session(auth=auth)
+    cacert = os.getenv('OS_CACERT')
+    if cacert is not None:
+        if not os.path.isfile(cacert):
+            raise Exception("The 'OS_CACERT' environment"
+                            "variable is set to %s but the file"
+                            "does not exist.", cacert)
+
+    return session.Session(auth=auth, verify=cacert)
 
 
 # *********************************************
-- 
cgit 1.2.3-korg