author | 2017-06-20 06:31:29 +0000 | |
---|---|---|
committer | 2017-06-22 16:24:59 +0000 | |
commit | dbfb9c4e94e500592a8b93f42b7b87230d0af311 (patch) | |
tree | e8c15131bdca7e7c52abe93f641c366e4d6934cb | |
parent | 39b46e7e43dffff8f4abfbc142c9e28c9ce0d260 (diff) |
Enable https for Openstack in Snaps
When running in an https environment, snaps should provide two options:
1. To support certificate verification when an https certificate file is provided;
2. To disable server certificate verification without a cert file.
JIRA: SNAPS-84
Change-Id: I5a9094238db5c8017cc8b80e3353adc6e793b552
Signed-off-by: Linda Wang <wangwulin@huawei.com>
-rw-r--r-- | snaps/openstack/create_user.py | 3 | ||||
-rw-r--r-- | snaps/openstack/os_credentials.py | 8 | ||||
-rw-r--r-- | snaps/openstack/tests/openstack_tests.py | 10 | ||||
-rw-r--r-- | snaps/openstack/utils/keystone_utils.py | 9 |
4 files changed, 22 insertions, 8 deletions
diff --git a/snaps/openstack/create_user.py b/snaps/openstack/create_user.py
index c6d4678..b3f93d4 100644
--- a/snaps/openstack/create_user.py
+++ b/snaps/openstack/create_user.py
@@ -93,7 +93,8 @@ class OpenStackUser:
 identity_api_version=self.__os_creds.identity_api_version,
 user_domain_id=self.__os_creds.user_domain_id,
 project_domain_id=self.__os_creds.project_domain_id,
- proxy_settings=self.__os_creds.proxy_settings)
+ proxy_settings=self.__os_creds.proxy_settings,
+ cacert=self.__os_creds.cacert)
 class UserSettings:
diff --git a/snaps/openstack/os_credentials.py b/snaps/openstack/os_credentials.py
index db6369b..b55e480 100644
--- a/snaps/openstack/os_credentials.py
+++ b/snaps/openstack/os_credentials.py
@@ -22,7 +22,7 @@ class OSCreds:
 def __init__(self, username, password, auth_url, project_name, identity_api_version=2, image_api_version=2, network_api_version=2, compute_api_version=2, user_domain_id='default', project_domain_id='default',
- proxy_settings=None):
+ proxy_settings=None, cacert=True):
 """
 Constructor
 :param username: The user (required)
@@ -36,6 +36,8 @@ class OSCreds:
 :param user_domain_id: Used for v3 APIs
 :param project_domain_id: Used for v3 APIs
 :param proxy_settings: instance of os_credentials.ProxySettings class
+ :param cacert: Default to be True for http, or the certification file is specified for https verification,
+ or set to be False to disable server certificate verification without cert file
 """
 self.username = username
 self.password = password
@@ -48,6 +50,7 @@ class OSCreds:
 self.user_domain_id = user_domain_id
 self.project_domain_id = project_domain_id
 self.proxy_settings = proxy_settings
+ self.cacert = cacert
 if self.proxy_settings and not isinstance(self.proxy_settings, ProxySettings):
 raise Exception('proxy_settings must be an instance of the class ProxySettings')
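Review bot: `self.cacert = cacert` in the third os_credentials.py hunk stores whatever the caller passes, although the `proxy_settings` check directly below it shows this constructor already validates its inputs. The value later becomes the session's `verify` argument, so a falsy non-bool such as `''` or `0` would probably be treated as "verification off" instead of being rejected. Suggest adding `if self.cacert is not True and self.cacert is not False and not self.cacert: raise Exception('cacert must be True, False or a CA bundle path')`. The `:param cacert:` text in the second hunk would also read better if it said plainly that `True` verifies against the default CA store, a string is the path to a CA bundle, and `False` disables server certificate verification. `__init__` starts and ends outside these hunks.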
@@ -72,7 +75,8 @@ class OSCreds:
 ', network_api_version=' + str(self.network_api_version) + \
 ', compute_api_version=' + str(self.compute_api_version) + \
 ', user_domain_id=' + str(self.user_domain_id) + \
- ', proxy_settings=' + str(self.proxy_settings)
+ ', proxy_settings=' + str(self.proxy_settings) + \
+ ', cacert=' + str(self.cacert)
 class ProxySettings:
diff --git a/snaps/openstack/tests/openstack_tests.py b/snaps/openstack/tests/openstack_tests.py
index bfcadaf..109d2ce 100644
--- a/snaps/openstack/tests/openstack_tests.py
+++ b/snaps/openstack/tests/openstack_tests.py
@@ -85,6 +85,13 @@ def get_credentials(os_env_file=None, proxy_settings_str=None,
 tokens = re.split(':', proxy_settings_str)
 proxy_settings = ProxySettings(tokens[0], tokens[1], ssh_proxy_cmd)
+ if config.get('OS_CACERT'):
+ https_cacert = config.get('OS_CACERT')
+ elif config.get('OS_INSECURE'):
+ https_cacert = False
+ else:
+ https_cacert = True
+
 os_creds = OSCreds(username=config['OS_USERNAME'],
 password=config['OS_PASSWORD'],
 auth_url=config['OS_AUTH_URL'],
@@ -92,7 +99,8 @@ def get_credentials(os_env_file=None, proxy_settings_str=None,
 identity_api_version=version,
 user_domain_id=user_domain_id,
 project_domain_id=proj_domain_id,
- proxy_settings=proxy_settings)
+ proxy_settings=proxy_settings,
+ cacert=https_cacert)
 else:
 logger.info('Reading development os_env file - ' + dev_os_env_file)
 config = file_utils.read_yaml(dev_os_env_file)
diff --git a/snaps/openstack/utils/keystone_utils.py b/snaps/openstack/utils/keystone_utils.py
index 337bdc2..8f5effd 100644
--- a/snaps/openstack/utils/keystone_utils.py
+++ b/snaps/openstack/utils/keystone_utils.py
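Review bot: `elif config.get('OS_INSECURE'):` in the first openstack_tests.py hunk turns certificate verification off for any non-empty value. If the RC-file values are read as strings, as appears to be the case, `OS_INSECURE=false` or `OS_INSECURE=0` would still disable verification. Parse the flag explicitly, for example `elif str(config.get('OS_INSECURE', '')).strip().lower() in ('true', '1', 'yes'):`. A `logger.warning` on that branch would also make runs with verification disabled visible in the logs. get_credentials starts and ends outside the hunk.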
@@ -12,12 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import requests
+import logging
+
 from keystoneclient.client import Client
 from keystoneauth1.identity import v3, v2
 from keystoneauth1 import session
-import logging
-
+import requests
 logger = logging.getLogger('keystone_utils')
@@ -59,7 +59,8 @@ def keystone_session(os_creds):
 if os_creds.proxy_settings:
 req_session = requests.Session()
 req_session.proxies = {'http': os_creds.proxy_settings.host + ':' + os_creds.proxy_settings.port}
- return session.Session(auth=auth, session=req_session)
+ return session.Session(auth=auth, session=req_session,
+ verify=os_creds.cacert)
 def keystone_client(os_creds): |
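Review bot: The `req_session.proxies` context line just above the changed `return` in the second keystone_utils.py hunk maps only the `'http'` scheme. Once `auth_url` is https, the configured proxy is most likely not applied to those requests, because requests picks a proxy by URL scheme. Since this commit is what enables https, the mapping should cover both schemes: `proxy = os_creds.proxy_settings.host + ':' + os_creds.proxy_settings.port` followed by `req_session.proxies = {'http': proxy, 'https': proxy}`. keystone_session starts outside the hunk, so how `auth` and `req_session` are set up when no proxy is configured is not visible here.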